Building a mail server (part 1: Postfix, the outbound mail server) [Tinkering with Kagoya Cloud/VPS] (unresolved, will get to it someday)

After a web server, the obvious next step is a mail server, so let's build one. People who can keep one of these properly maintained are said to be strong infrastructure engineers.

Truth be told, I don't need an e-mail address at all, but creating my own CA requires one, so I'm building this out of necessity. (Maybe it isn't even needed?)

First up is Postfix, the SMTP server. This post treats it as the outbound server, but with the settings below it also accepts mail for the domain from the outside; Dovecot, covered later, provides mailbox access.

Installing Postfix

[root@v0000 ~]# yum -y install postfix

That's all it takes.

Check the version while we're at it.

[root@v0000 ~]# rpm -qa | grep postfix
postfix-2.10.1-6.el7.x86_64

According to the Google rumor mill, the current Postfix release series is 3.x.

Uh oh, that's not good. Time to wrestle with yum and somehow get Postfix 3.x installed.

...I tried all sorts of things, but I give up. CentOS will probably ship 3.x in an update, so I'll wait calmly for that.

Postfix configuration

#Keep the original file as a backup.
[root@v0000 ~]# cp /etc/postfix/main.cf /etc/postfix/main.cf.orig

[root@v0000 ~]# nano /etc/postfix/main.cf

# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
myhostname = mail.hogehoge.com ← added (your own FQDN)

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
mydomain = hogehoge.com ← added (your own domain name)

# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites.  If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain
myorigin = $mydomain ← added (mail posted locally gets the domain name appended after the @ of the sender address)

# RECEIVING MAIL

# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on.  By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = all ← changed (was localhost only; now accepts SMTP from the outside, so the relay restrictions further down are what keep this host from being an open relay)

# Enable IPv4, and IPv6 if supported
inet_protocols = ipv4 ← changed (IPv4 only)

# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain.  On a mail domain
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain ← changed (also accept mail addressed to the domain itself)
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#       mail.$mydomain, www.$mydomain, ftp.$mydomain

# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
relayhost = [smtp.gmail.com] ← the ISP's SMTP server (no port given, so port 25 is used; revised to [smtp.gmail.com]:587 in the OP25B section further down)

# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user.  Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
home_mailbox = Maildir/ ← added (Maildir mailbox format; the trailing / is what selects it)

# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP unknown ← added (hides the mail server software name; the hostname itself has to stay, per RFC)

#SMTP-Auth settings
#smtpd_* (with the d) = how clients connecting to this server authenticate;
#smtp_* (no d) = how this server authenticates to relayhost. The client side is
#only completed in the OP25B section below (smtp_sasl_auth_enable is still missing here).
smtpd_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_mechanism_filter = plain
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination ← relay only for local networks and authenticated users; never drop this line

#Append at the very end (message size limit)
message_size_limit = 10485760 ← added (caps every message Postfix queues, inbound or outbound, at 10MB = 10*1024*1024)

Anyway, we grind through the settings.

SMTP-Auth settings

#install cyrus-sasl (the PLAIN/LOGIN mechanisms additionally need the cyrus-sasl-plain package)
[root@v0000 ~]# yum -y install cyrus-sasl
#start saslauthd & enable it at boot
[root@v0000 ~]# systemctl start saslauthd
[root@v0000 ~]# systemctl enable saslauthd
ln -s '/usr/lib/systemd/system/saslauthd.service' '/etc/systemd/system/multi-user.target.wants/saslauthd.service'
#create the provider credentials file for the OP25B workaround
#(the key is looked up by the relayhost string, so it must match what main.cf says)
[root@v0000 ~]# nano /etc/postfix/sasl_passwd
[smtp.gmail.com] providermailaccount:password
#build the hash map
[root@v0000 ~]# postmap /etc/postfix/sasl_passwd
#root only: the plain-text file and the .db that postmap generated both contain the password
[root@v0000 ~]# chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
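What `smtp_sasl_mechanism_filter = plain` puts on the wire, as an added example that is not part of the original post: AUTH PLAIN (RFC 4616) is the base64 of `authzid NUL authcid NUL password`, and base64 is an encoding, not encryption. The script builds the token Postfix sends for a placeholder `user:password` pair like the one in the map above, then does what a passive observer of a cleartext SMTP session does: decodes the AUTH PLAIN and AUTH LOGIN exchanges back into the credentials. The transcript is constructed for the example (the `C:`/`S:` prefixes and the server name smtp.example.test are mine); a real smtp.gmail.com:587 refuses AUTH until STARTTLS, which is precisely why TLS has to be configured on the Postfix side.

```shell
#!/bin/sh
# Added example, not part of the original post. Shows why SASL credentials
# need TLS: AUTH PLAIN / AUTH LOGIN only base64-encode them.

# Token Postfix sends after "AUTH PLAIN " for the given authcid and password
# (empty authzid): base64("\0user\0password").
auth_plain_token() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Inverse: turn a captured "AUTH PLAIN <token>" line back into "user password".
auth_plain_crack() {
    tok=${1#"AUTH PLAIN "}
    printf '%s' "$tok" | base64 -d | tr '\0' ' ' | cut -d ' ' -f2-
}

# Scan a C:/S: transcript on stdin and print every credential pair it leaks,
# one per line: "PLAIN user pass" or "LOGIN user pass". AUTH LOGIN is handled
# in its two-step form (server prompts, client answers in base64).
sniff_auth() {
    state=0
    while IFS= read -r line; do
        case "$line" in
            'C: AUTH PLAIN '*) echo "PLAIN $(auth_plain_crack "${line#"C: "}")" ;;
            'C: AUTH LOGIN')   state=1 ;;
            'C: '*)
                if [ "$state" = 1 ]; then
                    u=$(printf '%s' "${line#"C: "}" | base64 -d); state=2
                elif [ "$state" = 2 ]; then
                    p=$(printf '%s' "${line#"C: "}" | base64 -d); state=0
                    echo "LOGIN $u $p"
                fi ;;
        esac
    done
}

# Constructed transcript: two cleartext submission sessions as an on-path
# observer would see them when no TLS is configured.
SAMPLE_SESSION='C: EHLO mail.hogehoge.com
S: 250-smtp.example.test at your service
S: 250 AUTH LOGIN PLAIN
C: AUTH PLAIN AHVzZXIAcGFzc3dvcmQ=
S: 235 2.7.0 Accepted
--- second session ---
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: dXNlcg==
S: 334 UGFzc3dvcmQ6
C: cGFzc3dvcmQ=
S: 235 2.7.0 Accepted'

echo "token Postfix would send: AUTH PLAIN $(auth_plain_token user password)"
echo "recovered from the capture:"
printf '%s\n' "$SAMPLE_SESSION" | sniff_auth
```

Run it as `sh auth_plain.sh`; the same decoding works on the client lines of any SMTP session captured before STARTTLS, which is what makes `smtp_sasl_security_options = noanonymous` (PLAIN allowed on a cleartext session) dangerous without a mandatory TLS level.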

Creating Maildir-format mailboxes

By default Postfix delivers into mbox files in the shared spool directory (/var/spool/mail/user). For security and robustness we switch to Maildir, where each user's mail lives under their own home directory as one file per message: no shared spool, and none of the file locking problems of mbox. The skeleton below only applies to users created from now on.

[root@v0000 ~]# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
[root@v0000 ~]# chmod -R 700 /etc/skel/Maildir/

Starting Postfix

Restart Postfix, then enable it at boot.

This time systemctl worked fine.

#restart Postfix
[root@v0000 ~]# systemctl restart postfix
#enable Postfix at boot
[root@v0000 ~]# systemctl enable postfix

Finally, open port 25. Rules are evaluated top-down and -A appends, so if the INPUT chain already ends in a catch-all REJECT these lines land after it and never match; check the chain order before saving. The OUTPUT rule only matters if the OUTPUT policy is restrictive, and in that case port 587 has to be allowed as well once relaying goes through [smtp.gmail.com]:587 (OP25B section below).

#open port 25 (SMTP)
[root@v0000 ~]# iptables -A INPUT -p tcp --dport 25 -j ACCEPT
[root@v0000 ~]# iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT

#don't forget to save the iptables rules and restart the service
[root@v0000 ~]# iptables-save > /etc/sysconfig/iptables
[root@v0000 ~]# systemctl restart iptables.service

That's about it for Postfix for now.

I wonder whether OP25B countermeasures are needed too. Anyway, that can wait until Dovecot is done.

OP25B countermeasures

They were needed. Relaying through Gmail is the easy route, so Gmail it is.

First the Postfix configuration file.

[root@v0000 ~]# nano /etc/postfix/main.cf
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
relayhost = [smtp.gmail.com]:587 ← submission port 587 instead of 25, which OP25B blocks. The sasl_passwd map from the earlier section is keyed [smtp.gmail.com] without the port and no longer matches this relayhost, hence the new authinfo map below.

Now the SMTP client credentials. Gmail only advertises AUTH after STARTTLS on port 587, so without a TLS setting the relay fails; `smtp_tls_security_level = encrypt` makes TLS mandatory (it does not verify the server certificate; `secure` together with `smtp_tls_CAfile` would). `noanonymous` on its own also lets Postfix use the PLAIN mechanism on a cleartext session, which is another reason the TLS line is not optional. Note that current Gmail accounts expect an app password here rather than the account password.

[root@v0000 ~]# nano /etc/postfix/main.cf
#append at the end
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/authinfo
smtp_sasl_security_options = noanonymous
smtp_sasl_mechanism_filter = plain
#added: STARTTLS is mandatory, so the password never crosses the wire in the clear
smtp_tls_security_level = encrypt
#SMTP credentials (quoted so the shell does not treat [ ] as a glob; this line, password included, lands in root's shell history, which editing the file with nano as in the earlier section avoids)
[root@v0000 ~]# echo '[smtp.gmail.com]:587 user:password' > /etc/postfix/authinfo
#build the hash map
[root@v0000 ~]# postmap /etc/postfix/authinfo
#root only, for both the text file and the .db
[root@v0000 ~]# chmod 600 /etc/postfix/authinfo /etc/postfix/authinfo.db
#apply the configuration
[root@v0000 ~]# systemctl reload postfix
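A check worth running before exposing port 25, as an added example (my own script, not from the original post or from Postfix): it reads a main.cf and the plain-text SASL password map and flags the pitfalls this page ran into. It assumes main.cf syntax as documented (last assignment wins, whitespace-led lines continue the previous value), Postfix's documented lookup order for `smtp_sasl_password_maps` (the relayhost string first, then the bare server name), and that `reject_unauth_destination`/`defer_unauth_destination` is what stops open relaying. The two sample configurations are constructed here: the first is this page's end state, the second the hardened version.

```shell
#!/bin/sh
# Added example, not part of the original post: lint a Postfix main.cf and its
# plain-text SASL password map for the relay pitfalls discussed on this page.

# Effective value of one main.cf parameter. Postfix rules: "name = value", a
# later assignment overrides an earlier one, a line starting with whitespace
# continues the previous value, "#" lines are comments.
cf_get() {
    awk -v key="$2" '
        /^[[:space:]]/ { if (inkey) val = val " " $0; next }
        { inkey = 0 }
        /^#/ { next }
        /^[A-Za-z0-9_]+[[:space:]]*=/ {
            name = $0; sub(/[[:space:]]*=.*/, "", name)
            if (name == key) { inkey = 1; val = $0; sub(/^[^=]*=[[:space:]]*/, "", val) }
        }
        END { gsub(/[[:space:]]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }' "$1"
}

lint_warn() { echo "WARN: $1"; lint_n=$((lint_n + 1)); }

# $1 = main.cf, $2 = password map as fed to postmap. Prints one WARN line per
# finding; returns 0 when clean, 1 otherwise.
postfix_relay_lint() {
    lint_n=0
    relayhost=$(cf_get "$1" relayhost)
    # No port means port 25, the one OP25B blocks from a VPS.
    case "$relayhost" in
        '' | *:[0-9]*) ;;
        *) lint_warn "relayhost '$relayhost' has no port, so port 25 is used" ;;
    esac
    # smtp_* (no d) is the client side; credentials are useless unless enabled.
    if [ -n "$(cf_get "$1" smtp_sasl_password_maps)" ] \
       && [ "$(cf_get "$1" smtp_sasl_auth_enable)" != yes ]; then
        lint_warn "smtp_sasl_password_maps set but smtp_sasl_auth_enable != yes"
    fi
    # SASL without mandatory TLS: the password may cross the wire in the clear.
    if [ "$(cf_get "$1" smtp_sasl_auth_enable)" = yes ]; then
        case "$(cf_get "$1" smtp_tls_security_level)" in
            encrypt | secure) ;;
            *) lint_warn "smtp_sasl_auth_enable = yes without smtp_tls_security_level = encrypt" ;;
        esac
    fi
    if [ -n "$relayhost" ] && [ -f "$2" ]; then
        # Credentials are looked up under the relayhost string first, then the
        # bare server name; any other key silently results in no AUTH at all.
        bare=$(printf '%s' "$relayhost" | sed 's/^\[//; s/\].*$//; s/:.*$//')
        if ! awk -v a="$relayhost" -v b="$bare" \
              '!/^#/ && ($1 == a || $1 == b) { f = 1 } END { exit !f }' "$2"; then
            lint_warn "no entry in $2 keyed '$relayhost' or '$bare'"
        fi
        # The map (and the .db built from it) holds a password: mode 600 only.
        case "$(ls -l "$2" | cut -c5-10)" in
            ------) ;;
            *) lint_warn "$2 is readable by group/others (chmod 600 it and its .db)" ;;
        esac
    fi
    # inet_interfaces = all exposes smtpd to the world; relaying must be gated.
    recip=$(cf_get "$1" smtpd_recipient_restrictions)
    relay=$(cf_get "$1" smtpd_relay_restrictions)
    case "$recip $relay" in
        *_unauth_destination*) ;;
        *) if [ -n "$relay" ]; then lint_warn "smtpd_relay_restrictions set without reject/defer_unauth_destination: open relay"
           else lint_warn "no reject_unauth_destination; relying on the Postfix >= 2.10 smtpd_relay_restrictions default"; fi ;;
    esac
    # Server-side AUTH on a cleartext session leaks the local users' passwords.
    if [ "$(cf_get "$1" smtpd_sasl_auth_enable)" = yes ] \
       && [ "$(cf_get "$1" smtpd_tls_auth_only)" != yes ]; then
        lint_warn "smtpd offers AUTH on cleartext sessions (set smtpd_tls_auth_only = yes once smtpd TLS is set up)"
    fi
    [ "$lint_n" -eq 0 ]
}

# Constructed samples written into directory $1: main.cf.page = this page's
# end state, main.cf.fixed = the hardened version.
write_samples() {
    cat > "$1/main.cf.page" <<'EOF'
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/authinfo
smtp_sasl_security_options = noanonymous
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
EOF
    echo '[smtp.gmail.com]:587 user:password' > "$1/authinfo.page"; chmod 640 "$1/authinfo.page"
    cat > "$1/main.cf.fixed" <<'EOF'
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/authinfo
smtp_tls_security_level = encrypt
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
EOF
    echo '[smtp.gmail.com]:587 user:password' > "$1/authinfo.fixed"; chmod 600 "$1/authinfo.fixed"
}

demo=$(mktemp -d); write_samples "$demo"
postfix_relay_lint "$demo/main.cf.page" "$demo/authinfo.page" || echo "-> $lint_n finding(s) in the page's configuration"
postfix_relay_lint "$demo/main.cf.fixed" "$demo/authinfo.fixed" && echo "-> hardened configuration is clean"
```

Against a live server call `postfix_relay_lint /etc/postfix/main.cf /etc/postfix/authinfo` as root. The page's configuration produces three findings (no mandatory TLS for the outbound SASL login, a group-readable credential file, and smtpd offering AUTH on cleartext sessions); `smtpd_tls_auth_only = yes` in the hardened sample additionally needs a server certificate configured for smtpd, which this page has not done yet.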

 

 
