1. Postfix

1.1. hosts ファイルの編集とsendmail コマンドの確認

IPv6のループバックアドレスが記載されていると、postconf でエラーになるので、編集する。

vi /etc/hosts
### 下記をコメントアウト
::1         localhost localhost.localdomain localhost6
alternatives --display mta
mta -ステータスは自動です。
リンクは現在 /usr/sbin/sendmail.postfix を指しています。
/usr/sbin/sendmail.postfix - priority 60
 スレーブ mta-mailq: /usr/bin/mailq.postfix
 スレーブ mta-newaliases: /usr/bin/newaliases.postfix
 スレーブ mta-pam: /etc/pam.d/smtp.postfix
 スレーブ mta-rmail: /usr/bin/rmail.postfix
 スレーブ mta-sendmail: /usr/lib/sendmail.postfix
 スレーブ mta-mailqman: /usr/share/man/man1/mailq.postfix.1.gz
 スレーブ mta-newaliasesman: /usr/share/man/man1/newaliases.postfix.1.gz
 スレーブ mta-sendmailman: /usr/share/man/man1/sendmail.postfix.1.gz
 スレーブ mta-aliasesman: /usr/share/man/man5/aliases.postfix.5.gz
 スレーブ mta-smtpdman: /usr/share/man/man8/smtpd.postfix.8.gz
現在の「最適」バージョンは /usr/sbin/sendmail.postfix です。
postconf |grep mail_version
mail_version = 3.3.1
milter_macro_v = $mail_name $mail_version
systemctl enable postfix
systemctl start postfix

コマンドラインで sendmail コマンドでメール送信できることを確認。

1.2. 設定ファイルの変更

postfix の設定ファイルは色々と情報があって、微妙に違ってたりするので、ここはさくらのスタートアップスクリプトをもとに設定してみる。

DOMAIN="office-iwakiri.work"
postconf -e smtpd_banner='$myhostname ESMTP'
postconf -e smtp_header_checks='regexp:/etc/postfix/smtp_header_checks'
postconf -e mime_header_checks='regexp:/etc/postfix/mime_header_checks'
postconf -e disable_vrfy_command=yes
postconf -e smtpd_helo_required=yes
postconf -e inet_interfaces=all
postconf -e myhostname=${DOMAIN}
postconf -e mydestination='localhost.$mydomain, localhost'
postconf -e relay_domains='$mydestination'
postconf -e virtual_alias_maps='proxy:mysql:/etc/postfix/virtual_alias_maps.cf'
postconf -e virtual_mailbox_domains=proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
postconf -e virtual_mailbox_maps='proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf'
postconf -e virtual_mailbox_base='/home/vmail'
postconf -e virtual_mailbox_limit=512000000
postconf -e message_size_limit=20480000
postconf -e virtual_minimum_uid=10000
postconf -e virtual_transport=virtual
postconf -e virtual_uid_maps='static:10000'
postconf -e virtual_gid_maps='static:10000'
postconf -e local_transport=virtual
postconf -e local_recipient_maps='$virtual_mailbox_maps'
postconf -e transport_maps='hash:/etc/postfix/transport'
postconf -e smtpd_sasl_auth_enable=yes
postconf -e smtpd_sasl_type=dovecot
postconf -e smtpd_sasl_path='/var/run/dovecot/auth-client'
postconf -e smtpd_recipient_restrictions='permit_auth_destination, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
echo '# smtpd_client_restrictions=permit_mynetworks, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit' >> /etc/postfix/main.cf
echo '# smtpd_client_restrictions=permit_mynetworks, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit' >> /etc/postfix/main.cf
postconf -e smtpd_client_restrictions='permit_mynetworks, reject_unknown_client, permit'
postconf -e smtpd_sender_restrictions='reject_unknown_sender_domain, reject_non_fqdn_sender'
postconf -e smtpd_relay_restrictions='permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e smtpd_sasl_security_options=noanonymous
postconf -e smtpd_sasl_tls_security_options='$smtpd_sasl_security_options'
postconf -e smtpd_tls_security_level=may
postconf -e smtpd_tls_auth_only=yes
postconf -e smtpd_tls_received_header=yes
postconf -e smtpd_tls_cert_file=${CERT}
postconf -e smtpd_tls_key_file=${PKEY}
postconf -e smtpd_tls_CAfile='/etc/pki/tls/certs/ca-bundle.crt'
postconf -e smtpd_tls_mandatory_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1'
postconf -e smtpd_tls_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1'
postconf -e smtpd_tls_ask_ccert=yes
postconf -e smtpd_tls_mandatory_ciphers=high
postconf -e smtpd_use_tls=yes
postconf -e smtpd_sasl_local_domain='$mydomain'
postconf -e broken_sasl_auth_clients=yes
postconf -e smtpd_tls_loglevel=1
postconf -e smtp_tls_security_level=may
postconf -e smtp_tls_loglevel=1
postconf -e smtp_tls_mandatory_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1'
postconf -e smtp_tls_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1'

ここまでの内容は、postconf コマンドで実行したが、”/etc/postfix/main.cf” ファイルを編集でも可。

sed -i 's/^#\(submission.*smtpd$\)/\1/g' /etc/postfix/master.cf
sed -i 's/^#\(smtps.*smtpd$\)/\1 \n -o smtpd_tls_wrappermode=yes\n -o smtpd_sasl_auth_enable=yes/g' /etc/postfix/master.cf

vi /etc/postfix/smtp_header_checks
/^Received: .*/     IGNORE
/^User-Agent: .*/   IGNORE

vi /etc/postfix/mime_header_checks
/^Mime-Version:/    IGNORE

vi /etc/postfix/virtual_alias_maps.cf
user = postfix
password = ${DATABASE_PASSWORD}
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address

vi /etc/postfix/virtual_mailbox_domains.cf
user = postfix
password = ${DATABASE_PASSWORD}
hosts = localhost
dbname = postfix
table = domain
select_field = domain
where_field = domain

vi /etc/postfix/virtual_mailbox_maps.cf
user = postfix
password = ${DATABASE_PASSWORD}
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username

postmap /etc/postfix/transport
systemctl restart postfix.service

2. Dovecot

2.1. メールボックス用のユーザー、ディレクトリを作成

groupadd -g 10000 vmail
useradd -u 10000 -g vmail -s /usr/bin/nologin -d /home/vmail -m vmail

mkdir -p /home/vmail/${DOMAIN}/${ADMIN_NAME}/{cur,new,tmp}
chown -R vmail. /home/vmail/

2.2. 設定ファイル

sed -i 's/.*!include conf.d\/\*.conf/#&/g' /etc/dovecot/dovecot.conf
vi /etc/dovecot/dovecot.conf

以下の内容を末尾に追記

protocols = imap pop3
auth_mechanisms = plain

passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}
userdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}

service auth {
    unix_listener auth-client {
        group = postfix
        mode = 0660
        user = postfix
    }
    user = root
}

mail_home = /home/vmail/%d/%n
mail_location = maildir:~

ssl = yes
ssl_cert = <${CERT}
ssl_key = <${PKEY}
ssl_min_protocol = TLSv1.2

service stats {
    unix_listener stats-writer {
        mode = 0666
    }
}

vi /etc/dovecot/dovecot-sql.conf

driver = mysql
connect = host=localhost dbname=postfix user=postfix password=${DATABASE_PASSWORD}
default_pass_scheme = SHA512-CRYPT
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 10000 AS uid, 10000 AS gid, concat('dirsize:storage=',  quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
password_query = SELECT username as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 10000 as  userdb_uid, 10000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

systemctl start dovecot.service
systemctl enable dovecot.service

これで、Macのメーラーを使って、メールの送受信が出来ることを確認できた。