・postfix main.cf の設定

[root@alma]# vi /etc/postfix/main.cf

≪ 途中省略 ≫

# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
※コメント解除して書き換え(ホスト名の指定)
myhostname = mail.papa-net.com
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
※コメント解除して書き換え(ドメイン名の指定)
mydomain = papa-net.com

# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname

#myorigin = $mydomain
※コメント解除(@以下の表示にドメイン名の指定)
myorigin = $mydomain

# RECEIVING MAIL

# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
※コメント解除(全てのインターフェースで待ち受け)
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = localhost
※コメント化(上記で設定済のためコメント化)
#inet_interfaces = localhost

# Enable IPv4, and IPv6 if supported
inet_protocols = all
※書き換え 待ち受けにIPv4を指定
inet_protocols = ipv4

≪ 途中省略 ≫

# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
mydestination = $myhostname, localhost.$mydomain, localhost
※コメント化
#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
※コメント解除(自サーバーにドメインを追加しドメインでの送受信を許可)
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#mail.$mydomain, www.$mydomain, ftp.$mydomain

≪ 途中省略 ≫

# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
※コメント解除(ローカルに存在しないユーザーのメールを受け取らない)
local_recipient_maps = unix:passwd.byname $alias_maps

≪ 途中省略 ≫

#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
※追記(自ネットワーク。ここに書いた範囲は permit_mynetworks により認証なしで中継が許可されるため、信頼できるアドレスだけを指定)
mynetworks = 127.0.0.0/8, 10.0.0.0/24

≪ 途中省略 ≫

# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
※コメント解除(メールボックス形式をMaildir形式に指定)
home_mailbox = Maildir/

≪ 途中省略 ≫

# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
※追記(メールソフト名やバージョンをバナーに表示しないように設定)
smtpd_banner = $myhostname ESMTP

≪ 途中省略 ≫

# TLS CONFIGURATION
#
# Basic Postfix TLS configuration by default with self-signed certificate
# for inbound SMTP and also opportunistic TLS for outbound SMTP.

# The full pathname of a file with the Postfix SMTP server RSA certificate
# in PEM format. Intermediate certificates should be included in general,
# the server certificate first, then the issuing CA(s) (bottom-up order).
#
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
※書き換え(Let's Encrypt より取得した fullchain.pem ファイルの場所を指定)
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.papa-net.com/fullchain.pem

# The full pathname of a file with the Postfix SMTP server RSA private key
# in PEM format. The private key must be accessible without a pass-phrase,
# i.e. it must not be encrypted.
#
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
※書き換え(Let's Encrypt より取得した privkey.pem ファイルの場所を指定)
smtpd_tls_key_file = /etc/letsencrypt/live/mail.papa-net.com/privkey.pem

# Announce STARTTLS support to remote SMTP clients, but do not require that
# clients use TLS encryption (opportunistic TLS inbound).
#
#
※確認(may = STARTTLS を提示するが必須にはしない。暗号化通信及び非暗号化通信のどちらも有効)
smtpd_tls_security_level = may

# Directory with PEM format Certification Authority certificates that the
# Postfix SMTP client uses to verify a remote SMTP server certificate.
#
smtp_tls_CApath = /etc/pki/tls/certs

# The full pathname of a file containing CA certificates of root CAs
# trusted to sign either remote SMTP server certificates or intermediate CA
# certificates.
#
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt

# Use TLS if this is supported by the remote SMTP server, otherwise use
# plaintext (opportunistic TLS outbound).
#
※確認(may = 相手サーバーが対応していれば TLS を使い、未対応なら平文で送信。暗号化通信及び非暗号化通信のどちらも有効)
smtp_tls_security_level = may
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix

≪ 以下文末に追記 ≫

# メールアドレスにサブドメインを表示しない(値には自分のドメインを指定する。この例の他の設定では papa-net.com を使っている)
masquerade_domains = vm-system.net

# システムユーザの情報を隠す
disable_vrfy_command = yes

# HELO/EHLO コマンド(接続元が自分のホスト名を名乗るコマンド)を送らないクライアントからのメールは拒否
smtpd_helo_required = yes

# 最大メールサイズを指定 デフォルトの10MB(10240000)から20MBに変更
message_size_limit = 20971520

# SMTP-AUTHの認証方法(smtp_ で始まる設定は、このサーバーが他のSMTPサーバーへ送信する際のクライアント側の設定)
smtp_sasl_mechanism_filter = plain

# SMTP-AUTHに使うユーザ名とパスワードを指定するファイル
# (パスワードが平文で入るため、authinfo と postmap で生成される authinfo.db は root のみ読み書き可にする)
smtp_sasl_password_maps = hash:/etc/postfix/authinfo

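# 匿名認証を禁止(noanonymous は平文認証を禁止しない。平文認証の禁止は noplaintext だが、上の mechanism_filter = plain とは両立しない)
# PLAIN のパスワードがそのまま流れないよう、中継先との接続は TLS で保護されていることを確認する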
smtp_sasl_security_options = noanonymous

# SMTPサーバー(smtpd)側のTLSセッションキャッシュのデータベースを指定
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache.db

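# SMTP認証を有効化
# (smtpd_tls_security_level = may のため、smtpd_tls_auth_only = yes を併記しないと暗号化されていない接続でも AUTH が受け付けられる)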
smtpd_sasl_auth_enable = yes

# SMTPサーバのリレー(中継)設定
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination

# SMTPサーバのリレー(中継)設定は1行で記述
# 内容は下記の通り
# permit_mynetworks : mynetworks で指定したアドレスからのリレー(中継)を許可
# permit_sasl_authenticated : SASL認証が通ればリレー(中継)許可
# reject_unauth_destination : 自サーバーのドメイン宛以外のメール送信のリレー(中継)拒否(不正中継対応)

# 匿名での接続を拒否
smtpd_sasl_security_options = noanonymous

# SASL認証のレルム(realm)として使う名前を指定(ここではメールサーバーのホスト名)
smtpd_sasl_local_domain = $myhostname

# SSL/TLS通信のキャッシュ保持時間
smtpd_tls_session_cache_timeout = 3600s

# プロトコルおよび暗号に関する情報をReceivedヘッダーに追加
smtpd_tls_received_header = yes

# SSL/TLS通信時のログ出力レベル
smtpd_tls_loglevel = 1