◆ Mail server
Build a mail server using Postfix as the SMTP server and Dovecot as the POP3 server.

◆ Installing Postfix
[root@centos]# dnf -y install postfix

◆ Configuring Postfix
[root@centos]# vi /etc/postfix/main.cf

(omitted)
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld    <--- uncomment and rewrite (specify the host name)
 ↓
myhostname = papa-net.info
#myhostname = virtual.domain.tld

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld    <--- uncomment and rewrite (specify the domain name)
 ↓
mydomain = papa-net.info

# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain    <--- uncomment (mail submitted locally gets the domain name appended after the @ of the sender address)
 ↓
myorigin = $mydomain

# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = localhost    <--- rewrite (accept mail from outside)
 ↓
inet_interfaces = all

# Enable IPv4, and IPv6 if supported
inet_protocols = all
 ↓
inet_protocols = ipv4    <--- rewrite (IPv4 only)

(omitted)
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
#mydestination = $myhostname, localhost.$mydomain, localhost    <--- comment out
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain    <--- uncomment (accept mail addressed to our own domain)
 ↓
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#       mail.$mydomain, www.$mydomain, ftp.$mydomain

(omitted)
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 127.0.0.0/8, 192.168.1.0/24    <--- add (the local network)

(omitted)
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/    <--- uncomment (use the Maildir mailbox format)
 ↓
home_mailbox = Maildir/

(omitted)
Append the following at the end of the file:
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_auth_destination reject_unauth_destination
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
disable_vrfy_command = yes

What these lines do, and what to watch:
・With inet_interfaces = all, smtpd answers anyone on the Internet. The reject_unauth_destination at the end of smtpd_recipient_restrictions is what keeps the host from being an open relay: clients that are neither in mynetworks nor SASL-authenticated may only send to domains this server accepts mail for. Never remove it, and keep mynetworks limited to 127.0.0.0/8 and the trusted LAN, because hosts in mynetworks relay without authenticating.
・smtpd_sasl_type = dovecot with smtpd_sasl_path = private/auth hands SMTP AUTH to Dovecot over the Unix socket configured later in 10-master.conf (relative to the Postfix queue directory, so /var/spool/postfix/private/auth). smtpd_sasl_security_options = noanonymous only forbids the ANONYMOUS mechanism; PLAIN and LOGIN are still offered.
・Nothing above enables STARTTLS in Postfix (no smtpd_tls_cert_file / smtpd_tls_key_file / smtpd_tls_security_level), so the passwords sent by AUTH PLAIN and AUTH LOGIN cross the network in clear text. Before exposing the server, add a certificate, set smtpd_tls_security_level = may and smtpd_tls_auth_only = yes so that AUTH is only advertised after STARTTLS.
・disable_vrfy_command = yes stops the VRFY command from being used to enumerate local accounts.

Checking the Postfix configuration
[root@centos]# postfix check

If nothing is printed, the configuration has no errors. postconf -n prints every setting that differs from its default, which is the quickest way to confirm the edits above took effect.
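As an added check that is not part of the original page, the following POSIX sh script reads a main.cf and flags the settings that matter most once inet_interfaces = all: a relay policy without reject_unauth_destination, a mynetworks that trusts the whole Internet, and SMTP AUTH offered while TLS is off. It parses main.cf the way Postfix does (last assignment wins, # comment lines skipped, indented continuation lines joined); the file path is whatever is passed on the command line. It is deliberately conservative: an unset smtpd_relay_restrictions already defaults to a safe value on Postfix 2.10 and later, but the script still wants the reject spelled out in one of the two restriction lists.

```shell
#!/bin/sh
# audit_main_cf: static audit of a Postfix main.cf for the mistakes that matter
# once inet_interfaces = all exposes smtpd to the Internet: relaying for anyone,
# trusting the whole Internet in mynetworks, and AUTH without TLS.
# Usage: sh audit_main_cf.sh /etc/postfix/main.cf
# Exit status 0 = no FAIL findings, 1 = at least one FAIL. Findings go to stdout.

# pf_get FILE PARAM: the effective value of PARAM as Postfix reads it
# (last assignment wins, comment lines skipped, indented continuation lines joined).
pf_get() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }                               # comment line
        /^[[:space:]]/   { if (inkey) val = val " " $0; next }  # continuation line
        { inkey = 0 }
        $0 ~ ("^" key "[[:space:]]*=") {
            sub("^" key "[[:space:]]*=[[:space:]]*", "")
            val = $0; inkey = 1
        }
        END {
            gsub(/[[:space:]]+/, " ", val); sub(/ $/, "", val)
            print val
        }' "$1"
}

audit_main_cf() {
    cf=$1
    rc=0

    # Is smtpd reachable from anything but loopback? (Postfix default is "all".)
    ifaces=$(pf_get "$cf" inet_interfaces)
    [ -z "$ifaces" ] && ifaces=all
    exposed=0
    for i in $(printf '%s' "$ifaces" | tr ',' ' '); do
        case "$i" in localhost|127.*|::1) ;; *) exposed=1 ;; esac
    done

    if [ "$exposed" -eq 1 ]; then
        # Relay policy: one of the two lists must end in a reject for unauthorised
        # destinations, otherwise every client may relay through this host.
        relay=$(pf_get "$cf" smtpd_relay_restrictions)
        rcpt=$(pf_get "$cf" smtpd_recipient_restrictions)
        case "$relay $rcpt" in
            *reject_unauth_destination*|*defer_unauth_destination*) ;;
            *) echo "FAIL: no reject_unauth_destination in smtpd_relay_restrictions or smtpd_recipient_restrictions: open relay"; rc=1 ;;
        esac

        # Hosts in mynetworks relay without authenticating: never the whole Internet.
        for n in $(pf_get "$cf" mynetworks | tr ',' ' '); do
            case "$n" in
                0.0.0.0/0|*/0|::/0|0.0.0.0) echo "FAIL: mynetworks contains $n: everyone is a trusted relay client"; rc=1 ;;
                127.*|192.168.*|10.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*|\[::1\]*) ;;
                *) echo "WARN: mynetworks contains $n (not a private range); confirm it is really trusted" ;;
            esac
        done

        # SMTP AUTH without TLS sends PLAIN/LOGIN passwords in the clear.
        if [ "$(pf_get "$cf" smtpd_sasl_auth_enable)" = yes ]; then
            tls=$(pf_get "$cf" smtpd_tls_security_level)
            [ -z "$tls" ] && [ "$(pf_get "$cf" smtpd_use_tls)" = yes ] && tls=may  # obsolete spelling
            if [ -z "$tls" ] || [ "$tls" = none ]; then
                echo "FAIL: smtpd_sasl_auth_enable = yes but smtpd_tls_security_level is unset: AUTH credentials cross the wire in clear text"; rc=1
            elif [ "$(pf_get "$cf" smtpd_tls_auth_only)" != yes ]; then
                echo "WARN: set smtpd_tls_auth_only = yes so AUTH is only offered after STARTTLS"
            fi
        fi
    fi

    [ "$(pf_get "$cf" disable_vrfy_command)" = yes ] || echo "WARN: disable_vrfy_command is not yes; VRFY lets anyone enumerate local users"
    return "$rc"
}

# Audit the file named on the command line.
if [ $# -ge 1 ]; then audit_main_cf "$1"; fi
```

Run it as `sh audit_main_cf.sh /etc/postfix/main.cf` after every edit; the page's own settings produce one FAIL (AUTH enabled, no TLS), which disappears once smtpd_tls_security_level is set.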
◆ OP25B countermeasure (SMTP-Auth settings)
OP25B (Outbound Port 25 Blocking) means the ISP blocks outbound connections to port 25 from consumer lines, so outgoing mail has to be relayed through the provider's submission server on port 587 with SMTP authentication.

For SASL-based SMTP authentication there are two ways to store credentials: use the system accounts, or use sasldb2. sasldb2 lets you set passwords that differ from the system account passwords, so it is the more secure choice. (On this page incoming SMTP AUTH is handled by Dovecot, as set above with smtpd_sasl_type = dovecot; the Cyrus SASL packages below supply the client-side PLAIN mechanism that Postfix uses to authenticate itself to the provider.)

Install the required packages

[root@centos]# dnf -y install cyrus-sasl cyrus-sasl-plain cyrus-sasl-md5

Postfix settings
[root@centos]# vi /etc/postfix/main.cf

(omitted)
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
relayhost = [smtp.***.com]:587    <--- add (OP25B countermeasure: the provider's SMTP server address)

(omitted)
Append the following at the end of the file (OP25B countermeasure):
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain
smtp_sasl_password_maps = hash:/etc/postfix/authinfo
smtp_sasl_security_options = noanonymous

Notes on these lines:
・smtp_use_tls = yes is the obsolete spelling of smtp_tls_security_level = may, i.e. opportunistic TLS. Because the mechanism filter only allows PLAIN, the provider password is sent in clear text whenever TLS is not negotiated. For a relayhost that is known to support STARTTLS, use smtp_tls_security_level = encrypt instead, so Postfix refuses to send without TLS.
・The default smtp_sasl_security_options is noplaintext, noanonymous; the page drops noplaintext so that PLAIN can be used at all. A tighter variant keeps the default and sets smtp_sasl_tls_security_options = noanonymous, which allows PLAIN only inside a TLS session.

Checking the Postfix configuration
[root@centos]# postfix check

If nothing is printed, the configuration has no errors.

Creating the SMTP authentication file
[root@centos]# vi /etc/postfix/authinfo
Write the following (new file):
[**********]:587 +++++@++++++++++++:xxxxxxxx

**** = the provider's SMTP server address
++++ = your e-mail address at the provider
xxxx = your login password at the provider

The lookup key must be written exactly as in relayhost, including the square brackets and the :587, because that is the first key Postfix looks up in smtp_sasl_password_maps.

Changing the permissions
[root@centos]# chmod 600 /etc/postfix/authinfo

The file contains a password in clear text, so restrict it to root (the Postfix SASL_README recommends 600 for both the source file and the .db created below).

Creating authinfo.db
[root@centos]# postmap /etc/postfix/authinfo
[root@centos]# chmod 600 /etc/postfix/authinfo.db
[root@centos]# ls -l /etc/postfix/authinfo*    (both files should be -rw------- root root)

Run postmap again after every edit of the source file; Postfix reads only the .db.

◆ Starting saslauthd
[root@centos]# systemctl start saslauthd

Enabling saslauthd at boot
[root@centos]# systemctl enable saslauthd

Confirming it is enabled
[root@centos]# systemctl is-enabled saslauthd
enabled    <--- OK if it says enabled

Note: saslauthd is the Cyrus SASL server-side authentication daemon. With smtpd_sasl_type = dovecot set above, Postfix's smtpd never consults it, and the outbound authentication to the provider uses the Cyrus client library only, so this step is needed only if you switch smtpd_sasl_type back to cyrus. An authentication daemon nothing uses is extra attack surface, so it can be left stopped.

◆ Starting Postfix
[root@centos]# systemctl start postfix

Enabling Postfix at boot
[root@centos]# systemctl enable postfix

Confirming it is enabled
[root@centos]# systemctl is-enabled postfix
enabled    <--- OK if it says enabled

◆ Switching the SMTP server
※ Only needed if sendmail is installed (two MTAs cannot both listen on port 25).
Stopping sendmail
[root@centos]# systemctl stop sendmail

Disabling sendmail at boot
[root@centos]# systemctl disable sendmail

Confirming it is disabled
[root@centos]# systemctl is-enabled sendmail
disabled    <--- OK if it says disabled

Changing the default SMTP server (the mta alternative, which decides what /usr/sbin/sendmail points to)
[root@centos]# alternatives --config mta

There are 2 programs which provide 'mta'.

  Selection    Command
-----------------------------------------------
*+ 1           /usr/sbin/sendmail.sendmail
   2           /usr/sbin/sendmail.postfix

Enter to keep the current selection[+], or type selection number: 2    <--- enter 2

Confirming the change
[root@centos]# alternatives --config mta

There are 2 programs which provide 'mta'.

  Selection    Command
-----------------------------------------------
*  1           /usr/sbin/sendmail.sendmail
 + 2           /usr/sbin/sendmail.postfix

Enter to keep the current selection[+], or type selection number:    <--- press Enter

◆ Adding a virtual domain
In addition to the normally used papa-net.info domain, add the abc.papa-net.info domain.
[root@centos]# vi /etc/postfix/virtual
--- append at the end ---
abc.papa-net.info   anything
@abc.papa-net.info  @papa-net.info

The first line declares abc.papa-net.info as a virtual alias domain (the right-hand side is ignored, hence "anything"). The second is a catch-all: any address at abc.papa-net.info is rewritten to the same local part at papa-net.info and delivered to that local user.

Applying the change
[root@centos]# postmap /etc/postfix/virtual

Postfix settings
[root@centos]# vi /etc/postfix/main.cf
--- append at the end ---
virtual_alias_maps = hash:/etc/postfix/virtual

virtual_maps is the pre-2.0 name of this parameter; Postfix still accepts it but logs a warning that support for it will be removed, so use virtual_alias_maps. Run postfix reload afterwards.

◆ Installing Dovecot
[root@centos]# dnf -y install dovecot

◆ Configuring Dovecot
The configuration is split across several files; edit the following.
[root@centos]# vi /etc/dovecot/dovecot.conf
## Dovecot configuration file

# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration

# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list.

# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace  "

# Most (but not all) settings can be overridden by different protocols and/or
# source/destination IPs by placing the settings inside sections, for example:
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }

# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var

# Protocols we want to be serving.
#protocols = imap pop3 lmtp submission
 ↓
protocols = imap pop3 lmtp submission    <--- uncomment

# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::
 ↓
listen = *    <--- uncomment and rewrite (IPv4 only)
(rest omitted)

Only imap and pop3 are used by this setup; lmtp and submission each start an additional service, so protocols = imap pop3 is enough unless you need them.

[root@centos]# vi /etc/dovecot/conf.d/10-auth.conf
##
## Authentication processes
##

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes    <--- uncomment and rewrite
 ↓
disable_plaintext_auth = no

(omitted)
# Space separated list of wanted authentication mechanisms:
#   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
#   gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain
 ↓
auth_mechanisms = plain login    <--- rewrite
(rest omitted)

Caution: disable_plaintext_auth = no lets clients send their password over an unencrypted POP3/IMAP session (and, via the Postfix socket, over unencrypted SMTP). The default yes only refuses plaintext mechanisms on connections that are neither TLS nor loopback, so it costs nothing for clients that use STARTTLS; keep the default unless every client is on the trusted LAN. login is only needed for old clients (for example older Outlook) that do not speak PLAIN.

[root@centos]# vi /etc/dovecot/conf.d/10-ssl.conf
##
## SSL settings
##

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
# plain imap and pop3 are still allowed for local connections
ssl = required
 ↓
ssl = yes    <--- rewrite (use SSL)
(rest omitted)

ssl = required refuses unencrypted sessions outright; ssl = yes offers STARTTLS and the pop3s/imaps ports but still allows cleartext sessions, which is why it is usually combined with disable_plaintext_auth = yes rather than no. The ssl_cert / ssl_key lines further down in this file point at the self-signed certificate the package generated; clients will warn about it until you install a certificate from a CA.

[root@centos]# vi /etc/dovecot/conf.d/10-mail.conf
##
## Mailbox locations and namespaces
##

# Location for users' mailboxes. The default is empty, which means that Dovecot
# tries to find the mailboxes automatically. This won't work if the user
# doesn't yet have any mail, so you should explicitly tell Dovecot the full
# location.
#
# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u)
# isn't enough. You'll also need to tell Dovecot where the other mailboxes are
# kept. This is called the "root mail directory", and it must be the first
# path given in the mail_location setting.
#
# There are a few special variables you can use, eg.:
#
#   %u - username
#   %n - user part in user@domain, same as %u if there's no domain
#   %d - domain part in user@domain, empty if there's no domain
#   %h - home directory
#
# See doc/wiki/Variables.txt for full list. Some examples:
#
#   mail_location = maildir:~/Maildir
#   mail_location = mbox:~/mail:INBOX=/var/mail/%u
#   mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
#
# <doc/wiki/MailLocation.txt>
#
#mail_location =    <--- uncomment and fill in (the mail directory; must match home_mailbox = Maildir/ in Postfix)
 ↓
mail_location = maildir:~/Maildir
(rest omitted)

[root@centos]# vi /etc/dovecot/conf.d/10-master.conf
(omitted)
service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
  }

  # Postfix smtp-auth
  #unix_listener /var/spool/postfix/private/auth {
  #  mode = 0666
  #}    <--- uncomment and add
   ↓
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
(rest omitted)

This is the socket Postfix reaches through smtpd_sasl_path = private/auth. With user and group set to postfix, mode = 0660 is enough and keeps other local users off the socket; 0666 works because the enclosing /var/spool/postfix/private directory is only accessible to postfix anyway.

Checking the Dovecot configuration
[root@centos]# doveconf -n | head

If there are problems, messages prefixed with "doveconf: Warning:" appear at the top of the output; fix them. The rest of the output shows the OS, host name and the changed settings; check them.

[root@centos]# doveconf -n | head
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:26: 'imaps' protocol is no longer necessary, remov

The example above says that line 26 of /etc/dovecot/dovecot.conf uses the obsolete 'imaps' protocol setting, which should be removed.
◆ Starting Dovecot
[root@centos]# systemctl start dovecot

Enabling Dovecot at boot
[root@centos]# systemctl enable dovecot

Confirming it is enabled
[root@centos]# systemctl is-enabled dovecot
enabled    <--- OK if it says enabled
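With Dovecot running, Postfix can answer SMTP AUTH. The following is an added example, not from the original page: the client side of the two mechanisms this setup enables (PLAIN and LOGIN). The functions build and decode the base64 tokens and emit the exact command lines a client sends, with the server's expected replies in comments. The host name, mail addresses and the test.local HELO name are placeholders, not values from the page.

```shell
#!/bin/sh
# Client side of SMTP AUTH for the mechanisms Dovecot was told to offer (PLAIN, LOGIN).
# Usage: sh smtp_auth_check.sh USER PASSWORD   prints the tokens a client would send.

# Base64 without line wrapping (portable across GNU coreutils and busybox).
b64() { base64 | tr -d '\n'; }

# AUTH PLAIN (RFC 4616): one token = base64( authzid NUL authcid NUL password ),
# with an empty authorization identity, which is what ordinary mail clients send.
auth_plain_token() {
    printf '\000%s\000%s' "$1" "$2" | b64
}

# AUTH LOGIN: username and password are sent as two separate base64 replies, after
# the server prompts "334 VXNlcm5hbWU6" (Username:) and "334 UGFzc3dvcmQ6" (Password:).
# The "UGFzc3dvcmQ6" seen in maillog "SASL LOGIN authentication failed" lines is that
# Password: prompt, not the password the attacker tried.
auth_login_tokens() {
    printf '%s\n%s\n' "$(printf '%s' "$1" | b64)" "$(printf '%s' "$2" | b64)"
}

# Reverse an AUTH PLAIN token (for example one seen in a packet capture of a
# cleartext session) back to "user password".
auth_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\000' ' ' | sed 's/^ //'
}

# The exact lines a client sends, CRLF-terminated, ready to pipe into a TCP client.
# Server replies from Postfix are shown in the comments.
smtp_auth_dialogue() {
    user=$1; pass=$2; from=$3; to=$4
    printf 'EHLO test.local\r\n'                                         # 250-... AUTH PLAIN LOGIN
    printf 'AUTH PLAIN %s\r\n' "$(auth_plain_token "$user" "$pass")"     # 235 2.7.0 Authentication successful
    printf 'MAIL FROM:<%s>\r\n' "$from"                                  # 250 2.1.0 Ok
    printf 'RCPT TO:<%s>\r\n' "$to"                                      # 250 2.1.5 Ok (permit_sasl_authenticated)
    printf 'DATA\r\nSubject: auth test\r\n\r\nhello\r\n.\r\nQUIT\r\n'    # 354 ..., 250 2.0.0 Ok: queued, 221 Bye
}

if [ $# -ge 2 ]; then
    echo "AUTH PLAIN token : $(auth_plain_token "$1" "$2")"
    echo "AUTH LOGIN tokens: $(auth_login_tokens "$1" "$2" | tr '\n' ' ')"
fi
```

Against the configuration on this page (port 25, no STARTTLS) the dialogue can be piped into a TCP client, e.g. `(smtp_auth_dialogue user pass user@papa-net.info someone@example.net; sleep 3) | nc mail.papa-net.info 25`; the sleep keeps stdin open long enough to read the replies. Remember that in that case the token, and therefore the password, is readable by anyone on the path, which is the reason for enabling STARTTLS in Postfix. Once it is enabled, pipe the same dialogue into `openssl s_client -quiet -starttls smtp -connect mail.papa-net.info:25`; s_client performs the STARTTLS handshake and the dialogue then continues inside TLS. A wrong password is answered with `535 5.7.8 Error: authentication failed`, and a RCPT TO for a foreign domain without prior AUTH with `454 4.7.1 ... Relay access denied`.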

◆ Send/receive test of the mail server
・Port check (confirm the ports are open)
Access http://www.cman.jp/network/support/port.html and check whether the ports are open. If they cannot be reached, re-check the router and firewall settings. On the host itself, firewall-cmd --list-services shows whether smtp, pop3 and imap are allowed through firewalld, and ss -ltnp shows which ports Postfix and Dovecot are actually listening on.

・In-server send test
(The mail command comes from the mailx package; on newer releases it is s-nail.)
[root@centos]# mail root    (send mail to root)
Subject: test    <--- enter (subject)
Hello            <--- enter (body)
.                <--- enter (a single dot ends the message)
EOT

・External send test
[root@centos]# echo "Hello" | mail -s test abc@yahoo.com    <--- enter (send to your own address)

If both the in-server and the external test deliver normally, everything is OK. If not, re-check the settings. The mail log can be checked with:

[root@centos]# more /var/log/maillog

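Once port 25 is open to the Internet, /var/log/maillog fills with two kinds of lines worth watching: repeated SASL failures (password guessing against the accounts above) and "Relay access denied" rejects (someone probing for an open relay, which is reject_unauth_destination doing its job). The following added example, not from the original page, wraps two awk queries in shell functions to count both per client IP. The log lines in SAMPLE_MAILLOG are constructed in Postfix's format with documentation-range addresses; only the /var/log/maillog path is from the page.

```shell
#!/bin/sh
# maillog_triage: count failed SMTP AUTH attempts and relay probes per client IP.
# Usage: sh maillog_triage.sh [/var/log/maillog] [min_failures]
# Without arguments it runs on the constructed sample below.

# sasl_failures LOG MIN: client IPs with at least MIN failed AUTH attempts,
# most failures first. Postfix logs these as
#   warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
sasl_failures() {
    awk -v min="${2:-5}" '
        /SASL [A-Z-]+ authentication failed/ &&
        match($0, /\[[0-9a-fA-F.:]+\]: SASL/) {
            ip = substr($0, RSTART + 1, RLENGTH - 8)   # drop "[" and "]: SASL"
            n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print ip, n[ip] }
    ' "$1" | sort -k2,2nr
}

# relay_probes LOG: source IPs that were answered "454 4.7.1 ... Relay access denied",
# i.e. clients that tried to use this host as a relay without being allowed to.
relay_probes() {
    awk '/Relay access denied/ && match($0, /\[[0-9a-fA-F.:]+\]: 454/) {
            print substr($0, RSTART + 1, RLENGTH - 7)   # drop "[" and "]: 454"
        }' "$1" | sort | uniq -c | sort -rn
}

# Constructed sample (documentation-range addresses), not copied from a real server.
SAMPLE_MAILLOG='Mar  3 10:01:02 mail postfix/smtpd[2201]: connect from unknown[203.0.113.5]
Mar  3 10:01:03 mail postfix/smtpd[2201]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  3 10:01:04 mail postfix/smtpd[2201]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  3 10:01:05 mail postfix/smtpd[2201]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed:
Mar  3 10:02:00 mail postfix/smtpd[2207]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 454 4.7.1 <someone@example.net>: Relay access denied; from=<x@example.org> to=<someone@example.net> proto=ESMTP helo=<probe>
Mar  3 10:02:01 mail postfix/smtpd[2207]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 454 4.7.1 <other@example.net>: Relay access denied; from=<x@example.org> to=<other@example.net> proto=ESMTP helo=<probe>
Mar  3 10:03:00 mail postfix/smtpd[2210]: 1A2B3C4D5E: client=pc1.papa-net.info[192.168.1.20], sasl_method=PLAIN, sasl_username=taro
Mar  3 10:03:30 mail postfix/smtpd[2211]: warning: unknown[192.168.1.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6'

if [ $# -eq 0 ]; then
    # Demo on the constructed sample.
    tmp=$(mktemp); printf '%s\n' "$SAMPLE_MAILLOG" > "$tmp"
    echo "== AUTH failures (>= 2 per IP) =="; sasl_failures "$tmp" 2
    echo "== relay probes =="; relay_probes "$tmp"
    rm -f "$tmp"
else
    echo "== AUTH failures (>= ${2:-5} per IP) =="; sasl_failures "$1" "${2:-5}"
    echo "== relay probes =="; relay_probes "$1"
fi
```

On the sample, 203.0.113.5 shows three failures in three seconds while the LAN client 192.168.1.20 shows a single typo; the threshold argument is what separates the two. Addresses that keep appearing in the first list are candidates for a firewalld rich rule or fail2ban's postfix-sasl jail.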
◆ Mail users
・New users: create the mailbox automatically when a user is added
Anything in /etc/skel is copied into the home directory by useradd, with the new user as owner.

[root@centos]# mkdir -p /etc/skel/Maildir/new
[root@centos]# mkdir -p /etc/skel/Maildir/cur
[root@centos]# mkdir -p /etc/skel/Maildir/tmp

Setting the permissions
[root@centos]# chmod -R 700 /etc/skel/Maildir/

・Existing users: create the mailbox for an existing user

[root@centos]# mkdir -p /home/****/Maildir/new /home/****/Maildir/cur /home/****/Maildir/tmp    (create the mailbox of user ****)

Setting the permissions
[root@centos]# chmod -R 700 /home/****/Maildir/    (permissions for user ****)

Setting the ownership
[root@centos]# chown -R **** /home/****/Maildir    (give ownership to user ****)

The ownership step is not optional: directories created by root stay owned by root, and Postfix's local delivery runs as the recipient, so mail for that user is deferred with a permission error until the Maildir belongs to them. Only the Maildir needs to change hands, so there is no need to chown the whole home directory.