-----------Google-----------
|
|
|
概要
Ubuntu16.04環境でpostfixを使用してメールサーバーを構築する。
ローカル環境でのメールの送受信はもちろんの事、gmailサーバーを使用して外に
メール送信が出来るように設定する。
作業及び動作確認方法
1. /etc/postfix/main.cf の編集
※relayhost =
[smtp.gmail.com]:587 gmailサーバーを利用した送信を行う場合
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
compatibility_level = 2
content_filter = scan:127.0.0.1:10026
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name
$process_id & sleep 5
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
unix:passwd.byname $alias_maps
mail_owner = postfix
mailbox_size_limit = 1073741824
mailq_path = /usr/bin/mailq
message_size_limit = 10485760
mydestination = $myhostname,
localhost.$mydomain, localhost
mydomain = kkuma.mydns.jp
myhostname = kkuma.mydns.jp
mynetworks = 192.168.10.0/24,
127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
relayhost = [smtp.gmail.com]:587
sendmail_path = /usr/sbin/postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain
smtp_sasl_password_maps =
hash:/etc/postfix/sasl/saslpass
smtp_sasl_tls_security_options =
noanonymous
smtp_tls_session_cache_database =
btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions =
permit_mynetworks, check_client_access
hash:/etc/postfix/client_access, permit
smtpd_recipient_restrictions =
permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options =
noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file =
/etc/ssl/private/server.crt
smtpd_tls_key_file =
/etc/ssl/private/server.key
smtpd_tls_session_cache_database =
btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code =
550
2. /etc/postfix/main.cf の編集
#
cat /etc/postfix/master.cf
#
# Postfix master process configuration
file. For details on the format
# of the file, see the master(5) manual
page (command: "man 5 master" or
# on-line:
http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix
reload" after editing this file.
#
#
==========================================================================
# service type private
unpriv chroot wakeup
maxproc command + args
#
(yes) (yes)
(no) (never) (100)
#
==========================================================================
smtp
inet
n
-
y
-
-
smtpd
#smtp
inet
n
-
y
-
1
postscreen
#smtpd
pass
-
-
y
-
-
smtpd
#dnsblog unix
-
-
y
-
0
dnsblog
#tlsproxy unix
-
-
y
-
0
tlsproxy
submission inet
n
-
y
-
-
smtpd
-o
syslog_name=postfix/submission
# -o
smtpd_tls_security_level=encrypt
-o
smtpd_tls_security_level=may
-o
smtpd_sasl_auth_enable=yes
# -o
smtpd_reject_unlisted_recipient=no
# -o
smtpd_client_restrictions=$mua_client_restrictions
# -o
smtpd_helo_restrictions=$mua_helo_restrictions
# -o
smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
-o
smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o
milter_macro_daemon_name=ORIGINATING
smtps inet
n
-
y
-
-
smtpd
# -o syslog_name=postfix/smtps
-o
smtpd_tls_wrappermode=yes
-o
smtpd_sasl_auth_enable=yes
##########################################################
#-o
smtpd_client_restrictions=permit_sasl_authenticated,reject
##########################################################
# -o
smtpd_reject_unlisted_recipient=no
# -o
smtpd_client_restrictions=$mua_client_restrictions
# -o
smtpd_helo_restrictions=$mua_helo_restrictions
# -o
smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o
smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o
milter_macro_daemon_name=ORIGINATING
#628
inet
n
-
y
-
-
qmqpd
pickup unix
n
-
y
60
1
pickup
cleanup unix
n
-
y
-
0
cleanup
qmgr
unix
n
-
n
300
1
qmgr
#qmgr unix
n
-
n
300
1
oqmgr
tlsmgr unix
-
-
y
1000?
1
tlsmgr
rewrite unix
-
-
y
-
-
trivial-rewrite
bounce unix
-
-
y
-
0
bounce
defer unix
-
-
y
-
0
bounce
trace unix
-
-
y
-
0
bounce
verify unix
-
-
y
-
1
verify
flush unix
n
-
y
1000?
0
flush
proxymap unix
-
-
n
-
-
proxymap
proxywrite unix
-
-
n
-
1
proxymap
smtp
unix
-
-
y
-
-
smtp
relay unix
-
-
y
-
-
smtp
# -o
smtp_helo_timeout=5 -o
smtp_connect_timeout=5
showq unix
n
-
y
-
-
showq
error unix
-
-
y
-
-
error
retry unix
-
-
y
-
-
error
discard unix
-
-
y
-
-
discard
local unix
-
n
n
-
-
local
virtual unix
-
n
n
-
-
virtual
lmtp
unix
-
-
y
-
-
lmtp
anvil unix
-
-
y
-
1
anvil
scache unix
-
-
y
-
1
scache
#
#
====================================================================
# Interfaces to non-Postfix software. Be
sure to examine the manual
# pages of the non-Postfix software to
find out what options it wants.
#
# Many of the following services use the
Postfix pipe(8) delivery
# agent. See the pipe(8) man page
for information about ${recipient}
# and other message envelope options.
#
====================================================================
#
# maildrop. See the Postfix
MAILDROP_README file for details.
# Also specify in main.cf:
maildrop_destination_recipient_limit=1
#
maildrop unix
-
n
n
-
-
pipe
flags=DRhu user=vmail
argv=/usr/bin/maildrop -d ${recipient}
#
#
====================================================================
#
# Recent Cyrus versions can use the
existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp
cmd="lmtpd -a" listen="localhost:lmtp"
proto=tcp4
#
# Specify in main.cf one or more of the
following:
# mailbox_transport =
lmtp:inet:localhost
# virtual_transport =
lmtp:inet:localhost
#
#
====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf:
cyrus_destination_recipient_limit=1
#
#cyrus
unix
-
n
n
-
-
pipe
# user=cyrus
argv=/cyrus/bin/deliver -e -r ${sender}
-m ${extension} ${user}
#
#
====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix
-
n
n
-
-
pipe
# flags=R user=cyrus
argv=/cyrus/bin/deliver -e -m
${extension} ${user}
#
#
====================================================================
#
# See the Postfix UUCP_README file for
configuration details.
#
uucp
unix
-
n
n
-
-
pipe
flags=Fqhu user=uucp argv=uux -r
-n -z -a$sender - $nexthop!rmail
($recipient)
#
# Other external delivery methods.
#
ifmail unix
-
n
n
-
-
pipe
flags=F user=ftn
argv=/usr/lib/ifmail/ifmail -r $nexthop
($recipient)
bsmtp unix
-
n
n
-
-
pipe
flags=Fq. user=bsmtp
argv=/usr/lib/bsmtp/bsmtp -t$nexthop
-f$sender $recipient
scalemail-backend unix
- n
n -
2 pipe
flags=R user=scalemail
argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix
-
n
n
-
-
pipe
flags=FR user=list
argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
########################################################################################
scan unix
-
-
n
-
16
smtp
-o
smtp_data_done_timeout=1200
-o
smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet
n
-
n
-
16
smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o
smtpd_restriction_classes=
-o
smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o
smtpd_sender_restrictions=
-o
smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o
smtpd_authorized_xforward_hosts=127.0.0.0/8
#
# 最終行へ以下全行追記
smtp-amavis unix
-
-
n
- 2 smtp
-o
smtp_data_done_timeout=1200
-o
smtp_send_xforward_command=yes
-o
disable_dns_lookups=yes
127.0.0.1:10025 inet
n
-
n
- - smtpd
-o
content_filter=
-o
local_recipient_maps=
-o
relay_recipient_maps=
-o
smtpd_restriction_classes=
-o
smtpd_client_restrictions=
-o
smtpd_helo_restrictions=
-o
smtpd_sender_restrictions=
-o
smtpd_recipient_restrictions=permit_mynetworks,reject
-o
mynetworks=127.0.0.0/8
-o
strict_rfc821_envelopes=yes
-o
smtpd_error_sleep_time=0
-o
smtpd_soft_error_limit=1001
-o
smtpd_hard_error_limit=1000
3.設定変更後のテスト時に
main.cf
や master.cf 等をいじったあとはリロ−ド、再起動しないと設定が反映されません。設定を確実に反映させるための下のようなスクリプトを作成し
てみました。
#!/bin/csh
/etc/init.d/saslauthd restart
service dovecot restart
systemctl restart
amavisd-snmp-subagent.service
systemctl status
amavisd-snmp-subagent.service
systemctl restart
clamav-freshclam.service
systemctl restart clamsmtp.service
/etc/init.d/postfix reload
/etc/init.d/postfix restart
lsof -i:25
lsof -i:587
lsof -i:465
lsof -i:995
lsof -i:10024
host -t mx <メールサーバー名>
4.saslの設定
# mkdir
/etc/postfix/sasl
# vi saslpass
#MTPサーバ名ユーザー名:パスワード
[smtp.gmail.com]:587
hoge@gmail.com:abcdefg1234
# postmap saslpass
# ls
saslpass saslpass.db
設定ファイルとの関連
main.cf
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps =
hash:/etc/postfix/sasl/saslpass
master.cf
-o smtpd_sasl_auth_enable=yes
5. /etc/aliasの編集
# cat aliases
# See man 5 aliases for format
postmaster hoge
clamav hoge
virusalert hoge
root hoge
※最近、フォーマットが変更になった様です。「:」がいらなくなった?!
設定後にデーターベース化する。
# postmap /etc/aliases
データーベースから逆引き出来るか?確認する。
# /usr/sbin/postmap -q root
/etc/aliases
hoge
6. メールユーザーを設定する。
# saslpasswd2 -u
hoge.mydns.jp -c hoge
正しく設定されたかを確認する。
saslpasswd2 -u kkuma.mydns.jp -c $hoge
hoge@hoge.mydns.jp: userPassword
既にユーザーとなっているアカウントならばメールパスワードはログインパスワード
と同じになります。
7. 各種承認機構テスト方法
$ telnet localhost
25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 kkuma.mydns.jp ESMTP
EHLO kkuma.mydns.jp
250-kkuma.mydns.jp
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
AUTH PLAIN 123456789ABCDEFGHI
235 2.7.0 Authentication successful
$ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
$ telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 kkuma.mydns.jp ESMTP
EHLO kkuma.mydns.jp
250-kkuma.mydns.jp
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS ←TLS
が動作している。
250-AUTH PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
AUTH PLAIN 123456789ABCDEFGHI
235 2.7.0 Authentication successful
$ openssl s_client -quiet -connect
localhost:465
depth=0 C = JP, ST = IWATE, L =
ousyu-shi, O = kkuma.mydns.jp, OU =
kkuma.mydns.jp, CN = kkuma.mydns.jp,
emailAddress =
kkuma-ubuntu@kkuma.mydns.jp
verify error:num=18:self signed
certificate
verify return:1
depth=0 C = JP, ST = IWATE, L =
ousyu-shi, O = kkuma.mydns.jp, OU =
kkuma.mydns.jp, CN = kkuma.mydns.jp,
emailAddress =
kkuma-ubuntu@kkuma.mydns.jp
verify return:1
220 kkuma.mydns.jp ESMTP
$ openssl s_client -quiet -connect
localhost:995
depth=0 C = JP, ST = IWATE, L =
ousyu-shi, O = kkuma.mydns.jp, OU =
kkuma.mydns.jp, CN = kkuma.mydns.jp,
emailAddress =
kkuma-ubuntu@kkuma.mydns.jp
verify error:num=18:self signed
certificate
verify return:1
depth=0 C = JP, ST = IWATE, L =
ousyu-shi, O = kkuma.mydns.jp, OU =
kkuma.mydns.jp, CN = kkuma.mydns.jp,
emailAddress =
kkuma-ubuntu@kkuma.mydns.jp
verify return:1
+OK Dovecot ready.
|
|
|
執筆中!未確認部分 有