After the web server comes the mail server, so that is what I am building next. It is often said that someone who can properly maintain this part has strong infrastructure-engineering skills.
I do not actually need a mail address, but one is required when creating my own (self-signed) CA, so this is being built out of necessity. (Maybe it would work without one?)
First up is Postfix (the SMTP server, i.e. the sending side).
Installing Postfix
[root@v0000 ~]# yum -y install postfix
That is all it takes.
Let me check the version while I am at it.
[root@v0000 ~]# rpm -qa | grep postfix
postfix-2.10.1-6.el7.x86_64
According to what a Google search turns up, the current Postfix release is the 3.x series.
Uh-oh, that is not good. So I wrestled with yum to somehow get Postfix 3.x installed.
...I tried all sorts of things, but I give up. Postfix 3 will probably arrive with a CentOS update, so I will wait calmly until then.
Configuring Postfix
# Keep a copy of the original file just in case.
[root@v0000 ~]# cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
[root@v0000 ~]# nano /etc/postfix/main.cf

# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
myhostname = mail.hogehoge.com ← added (this host's FQDN)

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
mydomain = hogehoge.com ← added (this host's domain name)

# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain
myorigin = $mydomain ← enabled (mail posted locally gets the domain name, not the hostname, appended after the @)

# RECEIVING MAIL

# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = all ← changed from localhost (accept mail from outside)

# Enable IPv4, and IPv6 if supported
inet_protocols = ipv4 ← changed (IPv4 only)

# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain ← changed (also accept mail addressed to the domain itself)
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#	mail.$mydomain, www.$mydomain, ftp.$mydomain

# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
relayhost = [smtp.gmail.com] ← the ISP's (here Gmail's) SMTP server; the [] turn off MX lookups

# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
home_mailbox = Maildir/ ← enabled (Maildir-format mailboxes; the trailing / is required)

# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP unknown ← added (hide the mail server software name)

# SMTP-Auth settings
# Note the two prefixes: smtpd_* is the server side (clients authenticating to this host via saslauthd, set up below),
# smtp_* is the client side (this host authenticating to the relayhost; completed in the OP25B section).
smtpd_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_mechanism_filter = plain
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination ← reject_unauth_destination is what stops this server from being an open relay now that inet_interfaces = all

# Append at the end of the file (message size limit)
message_size_limit = 10485760 ← added (limit messages to 10 MB = 10*1024*1024; applies to every message Postfix handles, not only inbound)
Anyway, I grind through the settings one by one. One caveat on smtpd_sasl_auth_enable: saslauthd checks system account passwords, and with inet_interfaces = all and no TLS configured yet, those passwords cross the network in cleartext when a client uses AUTH on port 25. Once a certificate is in place, set smtpd_tls_auth_only = yes so that AUTH is only offered inside TLS.
SMTP-Auth settings
# Install cyrus-sasl. cyrus-sasl-plain is added here because it provides the PLAIN/LOGIN mechanisms; without it both inbound AUTH and the relay login fail with "no mechanism available".
[root@v0000 ~]# yum -y install cyrus-sasl cyrus-sasl-plain
# Start saslauthd and enable it at boot (only the inbound smtpd_sasl_* AUTH uses it; the relay login does not)
[root@v0000 ~]# systemctl start saslauthd
[root@v0000 ~]# systemctl enable saslauthd
ln -s '/usr/lib/systemd/system/saslauthd.service' '/etc/systemd/system/multi-user.target.wants/saslauthd.service'
# Create the provider credential file for the OP25B relay. The key must be identical to relayhost, including the [] and any :port.
[root@v0000 ~]# nano /etc/postfix/sasl_passwd
[smtp.gmail.com] providermailaccount:password
# Root only, then build the lookup table. "hash:" is the Berkeley DB table type, not password hashing: the password sits in cleartext in both files, so the .db that postmap writes needs the same protection.
[root@v0000 ~]# chmod 600 /etc/postfix/sasl_passwd
[root@v0000 ~]# postmap /etc/postfix/sasl_passwd
[root@v0000 ~]# chmod 600 /etc/postfix/sasl_passwd.db
Creating Maildir-format mailboxes
Postfix delivers in mbox format by default: one file per user in the shared /var/spool/mail directory. For security reasons we switch to Maildir, which keeps every message as its own file under the user's home directory.
[root@v0000 ~]# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
[root@v0000 ~]# chmod -R 700 /etc/skel/Maildir/
/etc/skel is only copied when an account is created, so accounts that already exist need their own ~/Maildir with the same 700 permissions.
Starting Postfix
Restart Postfix and enable it at boot.
This time systemctl worked without a hitch.
# Restart Postfix
[root@v0000 ~]# systemctl restart postfix
# Enable Postfix at boot
[root@v0000 ~]# systemctl enable postfix
Finally, open port 25. Note that -A appends to the end of the chain, so if INPUT already ends in a REJECT-all rule the new rule is never reached; insert it in front of that rule with -I instead. Once mail is relayed through port 587 (OP25B section below), the OUTPUT chain needs that port too unless its policy is ACCEPT.
# Open port 25 (SMTP)
[root@v0000 ~]# iptables -A INPUT -p tcp --dport 25 -j ACCEPT
[root@v0000 ~]# iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
# Do not forget to save the iptables rules and restart the service
[root@v0000 ~]# iptables-save > /etc/sysconfig/iptables
[root@v0000 ~]# systemctl restart iptables.service
That is about it for Postfix for now.
I wonder whether OP25B countermeasures are needed as well. I will look at that after Dovecot is done.
OP25B countermeasures
They were needed. Relaying via Gmail is the easy way, so Gmail it is.
Start with the Postfix configuration file.
[root@v0000 ~]# nano /etc/postfix/main.cf

# INTERNET OR INTRANET

# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
relayhost = [smtp.gmail.com]:587 ← the submission port; OP25B blocks outbound port 25, so the earlier [smtp.gmail.com] (port 25) cannot be used
Set the SMTP authentication credentials.
[root@v0000 ~]# nano /etc/postfix/main.cf
# Append at the end of the file
smtp_sasl_auth_enable = yes ← smtp_ (client side), not the smtpd_ line from the earlier section
smtp_sasl_password_maps = hash:/etc/postfix/authinfo
smtp_sasl_security_options = noanonymous ← the default "noplaintext, noanonymous" would refuse the PLAIN mechanism
smtp_sasl_mechanism_filter = plain
smtp_tls_security_level = encrypt ← added here: Gmail only advertises AUTH after STARTTLS, and this also keeps the PLAIN password off the wire
# SMTP credentials. The key must be identical to relayhost, including the [] and :587. Quote the argument so the shell does not treat [...] as a glob, and be aware that the password ends up in root's shell history; typing it into an editor avoids that.
[root@v0000 ~]# echo '[smtp.gmail.com]:587 user:password' > /etc/postfix/authinfo
# Permissions: root only, for the source file and for the .db that postmap writes (the password is stored in cleartext in both)
[root@v0000 ~]# chmod 600 /etc/postfix/authinfo
# Build the lookup table
[root@v0000 ~]# postmap /etc/postfix/authinfo
[root@v0000 ~]# chmod 600 /etc/postfix/authinfo.db
# Apply the configuration
[root@v0000 ~]# systemctl reload postfix
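As an added example (my code, not part of the original post), the POSIX shell script below checks the relay configuration from this section and the SMTP-Auth section above before Postfix is reloaded: that the password-map key is identical to relayhost, that the client-side smtp_sasl_auth_enable (not smtpd_) is on, that the SASL options in force actually permit PLAIN, that smtp_tls_security_level forces TLS so the password never crosses the wire in the clear, and that both the source file and the .db written by postmap are readable by their owner only. It parses main.cf directly instead of calling postconf, so it runs on any box. The two sample configurations it checks are constructed: "first" mirrors the initial attempt in the SMTP-Auth section, "fixed" the corrected setup here, and smtp_tls_security_level = encrypt in the fixed sample is my assumption, not a line from the article.

```shell
# Added example (not from the original article): sanity-check the Postfix
# OP25B relay configuration before "systemctl reload postfix". Parses main.cf
# with awk (no postconf needed). All paths, values and passwords below are
# constructed for the demo.

# Effective value of a main.cf parameter: last assignment wins, comment lines
# are skipped, continuation lines are not handled.
cf_get() {  # $1 = main.cf path, $2 = parameter name
  awk -v p="$2" '
    /^[ \t]*#/ { next }
    index($0, "=") {
      name = $0; sub(/[ \t]*=.*$/, "", name); sub(/^[ \t]+/, "", name)
      if (name == p) {
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        last = val
      }
    }
    END { print last }' "$1"
}

# True when group and others have no permission bits at all (0600, 0400, ...).
perm_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }
report() { printf '%-4s %s\n' "$1" "$2"; }

# Returns 0 when the relay setup is consistent, 1 when it would leak the
# password or silently skip authentication.
check_relay_auth() {  # $1 = main.cf, $2 = smtp_sasl_password_maps source file
  cf="$1"; pw="$2"; rc=0
  relayhost=$(cf_get "$cf" relayhost)
  if [ -z "$relayhost" ]; then
    report FAIL "relayhost is unset; mail would go out directly on port 25"; rc=1
  elif grep -v '^[[:space:]]*#' "$pw" | awk 'NF { print $1 }' | grep -qxF -e "$relayhost"; then
    report OK "$pw has a key identical to relayhost ($relayhost)"
  else
    report FAIL "no key in $pw equals '$relayhost' ([] and :port must match)"; rc=1
  fi
  if [ "$(cf_get "$cf" smtp_sasl_auth_enable)" = yes ]; then
    report OK "smtp_sasl_auth_enable = yes (client side)"
  else
    report FAIL "smtp_sasl_auth_enable is not yes; smtpd_sasl_auth_enable only covers inbound AUTH"; rc=1
  fi
  # SASL options in force over TLS: smtp_sasl_tls_security_options if set,
  # else smtp_sasl_security_options, else the Postfix default.
  opts=$(cf_get "$cf" smtp_sasl_tls_security_options)
  [ -n "$opts" ] || opts=$(cf_get "$cf" smtp_sasl_security_options)
  [ -n "$opts" ] || opts="noplaintext, noanonymous"
  case "$opts" in
    *noplaintext*) report FAIL "SASL options '$opts' forbid PLAIN/LOGIN"; rc=1 ;;
    *noanonymous*) report OK "SASL options '$opts' allow PLAIN, forbid ANONYMOUS" ;;
    *)             report WARN "SASL options '$opts' should keep noanonymous" ;;
  esac
  tls=$(cf_get "$cf" smtp_tls_security_level)
  case "$tls" in
    encrypt|fingerprint|verify|secure|dane-only)
      report OK "smtp_tls_security_level = $tls (password travels only inside TLS)" ;;
    *) report FAIL "smtp_tls_security_level = '${tls:-unset}'; use encrypt or stronger"; rc=1 ;;
  esac
  for f in "$pw" "$pw.db"; do
    if [ ! -e "$f" ]; then
      report WARN "$f missing (run: postmap $pw)"
    elif perm_private "$f"; then
      report OK "$f is readable by its owner only"
    else
      report FAIL "$f is group/world readable and holds the cleartext password (chmod 600)"; rc=1
    fi
  done
  return $rc
}

# Constructed samples: "first" mirrors the article's initial attempt (smtpd_
# prefix, default SASL options, no TLS, mode 640); "fixed" is the corrected
# relay setup from the OP25B section plus smtp_tls_security_level (assumed).
write_sample() {  # $1 = directory, $2 = first | fixed
  if [ "$2" = first ]; then
    printf '%s\n' 'relayhost = [smtp.gmail.com]' 'smtpd_sasl_auth_enable = yes' \
      'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' > "$1/main.cf"
    printf '[smtp.gmail.com] providermailaccount:password\n' > "$1/sasl_passwd"
    chmod 640 "$1/sasl_passwd"
  else
    printf '%s\n' 'relayhost = [smtp.gmail.com]:587' 'smtp_sasl_auth_enable = yes' \
      'smtp_sasl_password_maps = hash:/etc/postfix/authinfo' \
      'smtp_sasl_security_options = noanonymous' 'smtp_sasl_mechanism_filter = plain' \
      'smtp_tls_security_level = encrypt' > "$1/main.cf"
    printf '[smtp.gmail.com]:587 user:password\n' > "$1/sasl_passwd"
    chmod 600 "$1/sasl_passwd"
  fi
}

demo() {
  d=$(mktemp -d) || return 1
  for variant in first fixed; do
    write_sample "$d" "$variant"
    echo "== $variant attempt =="
    check_relay_auth "$d/main.cf" "$d/sasl_passwd" || echo "-> fix before reloading Postfix"
  done
  rm -rf "$d"
}
demo
```

On a real server, run it as `check_relay_auth /etc/postfix/main.cf /etc/postfix/authinfo` (or sasl_passwd, whichever smtp_sasl_password_maps points at). Every FAIL should be fixed before the reload; WARN lines are informational, for example the .db not existing yet because postmap has not been run.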