1. Postfix
1.1. hosts ファイルの編集とsendmail コマンドの確認
IPv6のループバックアドレスが記載されていると、postconf でエラーになるので、編集する。
vi /etc/hosts
### 下記をコメントアウト
::1 localhost localhost.localdomain localhost6
alternatives --display mta
mta -ステータスは自動です。
リンクは現在 /usr/sbin/sendmail.postfix を指しています。
/usr/sbin/sendmail.postfix - priority 60
スレーブ mta-mailq: /usr/bin/mailq.postfix
スレーブ mta-newaliases: /usr/bin/newaliases.postfix
スレーブ mta-pam: /etc/pam.d/smtp.postfix
スレーブ mta-rmail: /usr/bin/rmail.postfix
スレーブ mta-sendmail: /usr/lib/sendmail.postfix
スレーブ mta-mailqman: /usr/share/man/man1/mailq.postfix.1.gz
スレーブ mta-newaliasesman: /usr/share/man/man1/newaliases.postfix.1.gz
スレーブ mta-sendmailman: /usr/share/man/man1/sendmail.postfix.1.gz
スレーブ mta-aliasesman: /usr/share/man/man5/aliases.postfix.5.gz
スレーブ mta-smtpdman: /usr/share/man/man8/smtpd.postfix.8.gz
現在の「最適」バージョンは /usr/sbin/sendmail.postfix です。
postconf |grep mail_version
mail_version = 3.3.1
milter_macro_v = $mail_name $mail_version
# Register postfix for boot and bring it up immediately (enable + start in one call).
systemctl enable --now postfix
コマンドラインで sendmail コマンドでメール送信できることを確認。
1.2. 設定ファイルの変更
Postfix の設定については情報が多く、内容が微妙に異なることもあるため、ここではさくらのスタートアップスクリプトをもとに設定する。
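# Postfix main.cf settings, applied with postconf -e (based on the Sakura startup script).
# CERT and PKEY are referenced below but are not assigned anywhere on this page;
# abort early rather than writing empty TLS cert/key paths into main.cf.
DOMAIN="office-iwakiri.work"
: "${CERT:?CERT (path to the TLS certificate file) must be set}"
: "${PKEY:?PKEY (path to the TLS private key file) must be set}"

# Single quotes keep the $parameter references literal so Postfix expands them, not the shell.
postconf -e smtpd_banner='$myhostname ESMTP'
postconf -e smtp_header_checks='regexp:/etc/postfix/smtp_header_checks'
postconf -e mime_header_checks='regexp:/etc/postfix/mime_header_checks'
# Refuse VRFY (address probing) and require HELO/EHLO before MAIL FROM.
postconf -e disable_vrfy_command=yes
postconf -e smtpd_helo_required=yes
postconf -e inet_interfaces=all
postconf -e myhostname="${DOMAIN}"
postconf -e mydestination='localhost.$mydomain, localhost'
postconf -e relay_domains='$mydestination'

# Virtual domains/mailboxes/aliases are looked up in MySQL via the proxy map (the .cf files are written below).
postconf -e virtual_alias_maps='proxy:mysql:/etc/postfix/virtual_alias_maps.cf'
postconf -e virtual_mailbox_domains=proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
postconf -e virtual_mailbox_maps='proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf'
postconf -e virtual_mailbox_base='/home/vmail'
postconf -e virtual_mailbox_limit=512000000
postconf -e message_size_limit=20480000
# All virtual mailboxes are owned by uid/gid 10000 (the vmail user created in the Dovecot section).
postconf -e virtual_minimum_uid=10000
postconf -e virtual_transport=virtual
postconf -e virtual_uid_maps='static:10000'
postconf -e virtual_gid_maps='static:10000'
postconf -e local_transport=virtual
postconf -e local_recipient_maps='$virtual_mailbox_maps'
postconf -e transport_maps='hash:/etc/postfix/transport'

# SMTP AUTH is delegated to Dovecot over its auth-client socket.
postconf -e smtpd_sasl_auth_enable=yes
postconf -e smtpd_sasl_type=dovecot
postconf -e smtpd_sasl_path='/var/run/dovecot/auth-client'
# Relay policy: only local/virtual destinations, trusted networks and authenticated users.
postconf -e smtpd_recipient_restrictions='permit_auth_destination, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
# Keep the RBL-based variant on record as a commented-out line (appended once, not duplicated).
printf '%s\n' '# smtpd_client_restrictions=permit_mynetworks, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit' >> /etc/postfix/main.cf
postconf -e smtpd_client_restrictions='permit_mynetworks, reject_unknown_client, permit'
postconf -e smtpd_sender_restrictions='reject_unknown_sender_domain, reject_non_fqdn_sender'
postconf -e smtpd_relay_restrictions='permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'

# No anonymous SASL mechanisms; AUTH is only offered inside a TLS session.
postconf -e smtpd_sasl_security_options=noanonymous
postconf -e smtpd_sasl_tls_security_options='$smtpd_sasl_security_options'
postconf -e smtpd_tls_security_level=may
postconf -e smtpd_tls_auth_only=yes
postconf -e smtpd_tls_received_header=yes
postconf -e smtpd_tls_cert_file="${CERT}"
postconf -e smtpd_tls_key_file="${PKEY}"
postconf -e smtpd_tls_CAfile='/etc/pki/tls/certs/ca-bundle.crt'
# Disable SSLv2/SSLv3 and TLS 1.0/1.1 for both opportunistic and mandatory TLS.
postconf -e smtpd_tls_mandatory_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1'
postconf -e smtpd_tls_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1'
postconf -e smtpd_tls_ask_ccert=yes
postconf -e smtpd_tls_mandatory_ciphers=high
# smtpd_use_tls is a legacy parameter superseded by smtpd_tls_security_level; kept as in the source script.
postconf -e smtpd_use_tls=yes
postconf -e smtpd_sasl_local_domain='$mydomain'
# Also advertise AUTH in the non-standard form that some old clients expect.
postconf -e broken_sasl_auth_clients=yes
postconf -e smtpd_tls_loglevel=1

# Outbound (client-side) TLS: opportunistic, same protocol exclusions as above.
postconf -e smtp_tls_security_level=may
postconf -e smtp_tls_loglevel=1
postconf -e smtp_tls_mandatory_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1'
postconf -e smtp_tls_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1'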
ここまでの内容は postconf コマンドで設定したが、/etc/postfix/main.cf ファイルを直接編集しても可。
# Enable the submission service in master.cf by removing the leading "#" from its service line.
# NOTE(review): only the service line itself is uncommented; any "-o" override lines that
# follow it in the stock master.cf stay commented, so submission inherits the global smtpd_*
# settings made above — confirm that is intended.
sed -i 's/^#\(submission.*smtpd$\)/\1/g' /etc/postfix/master.cf
# Enable the smtps service and append two option lines (TLS wrapper mode, SASL auth).
# "\n" in the replacement relies on GNU sed; the inserted lines start with a space so
# master.cf treats them as continuation lines of the smtps entry.
sed -i 's/^#\(smtps.*smtpd$\)/\1 \n -o smtpd_tls_wrappermode=yes\n -o smtpd_sasl_auth_enable=yes/g' /etc/postfix/master.cf
vi /etc/postfix/smtp_header_checks
/^Received: .*/ IGNORE
/^User-Agent: .*/ IGNORE
vi /etc/postfix/mime_header_checks
/^Mime-Version:/ IGNORE
vi /etc/postfix/virtual_alias_maps.cf
user = postfix
password = ${DATABASE_PASSWORD}
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
vi /etc/postfix/virtual_mailbox_domains.cf
user = postfix
password = ${DATABASE_PASSWORD}
hosts = localhost
dbname = postfix
table = domain
select_field = domain
where_field = domain
vi /etc/postfix/virtual_mailbox_maps.cf
user = postfix
password = ${DATABASE_PASSWORD}
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
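# transport_maps was set to hash:/etc/postfix/transport, but that source file is never
# created on this page; postmap fails on a missing file, so create an empty one first.
[[ -e /etc/postfix/transport ]] || touch /etc/postfix/transport
postmap /etc/postfix/transport
# NOTE(review): the virtual_*.cf map files written above contain DATABASE_PASSWORD in
# clear text — confirm their permissions are restricted to root/postfix before restarting.
systemctl restart postfix.service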
2. Dovecot
2.1. メールボックス用のユーザー、ディレクトリを作成
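# Create the vmail user/group (uid/gid 10000, matching virtual_uid_maps/virtual_gid_maps)
# and the first Maildir. DOMAIN is assigned in the Postfix section; ADMIN_NAME is not
# assigned anywhere on this page, so abort rather than create "/home/vmail/<domain>//".
: "${DOMAIN:?DOMAIN must be set}"
: "${ADMIN_NAME:?ADMIN_NAME must be set}"
groupadd -g 10000 vmail
# NOTE(review): the nologin binary is commonly /usr/sbin/nologin on RHEL-family systems;
# useradd does not verify the shell path exists — confirm /usr/bin/nologin is present here.
useradd -u 10000 -g vmail -s /usr/bin/nologin -d /home/vmail -m vmail
mkdir -p "/home/vmail/${DOMAIN}/${ADMIN_NAME}"/{cur,new,tmp}
# "user:group" is the documented chown form; "vmail." relied on the deprecated dot separator.
chown -R vmail:vmail /home/vmail/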
2.2. 設定ファイル
# Comment out the "!include conf.d/*.conf" line so the settings appended to dovecot.conf
# below are the only ones in effect. Not idempotent: rerunning prepends another "#".
sed -i 's/.*!include conf.d\/\*.conf/#&/g' /etc/dovecot/dovecot.conf
vi /etc/dovecot/dovecot.conf
以下の内容を末尾に追記
protocols = imap pop3
auth_mechanisms = plain
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
service auth {
unix_listener auth-client {
group = postfix
mode = 0660
user = postfix
}
user = root
}
mail_home = /home/vmail/%d/%n
mail_location = maildir:~
ssl = yes
ssl_cert = <${CERT}
ssl_key = <${PKEY}
ssl_min_protocol = TLSv1.2
service stats {
unix_listener stats-writer {
mode = 0666
}
}
vi /etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=${DATABASE_PASSWORD}
default_pass_scheme = SHA512-CRYPT
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 10000 AS uid, 10000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
password_query = SELECT username as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 10000 as userdb_uid, 10000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
# Start dovecot now and register it for boot in a single call.
systemctl enable --now dovecot.service
これで、Macのメーラーを使って、メールの送受信が出来ることを確認できた。