Building a Mail Server (Postfix)
Introduction
Set the server up so that it supports SMTP-AUTH.
Installing Postfix
Install it from the ports collection.
# cd /usr/ports/mail/postfix
# make
I checked the following options in the ports configuration dialog:
[X] SASL        Cyrus SASLv1 (Simple Authentication and Security Layer)
[ ] SASL2       Cyrus SASLv2 (Simple Authentication and Security Layer)
[ ] SASLKRB     If your SASL requires Kerberos select this option
[ ] TLS         SSL and TLS
[ ] IPv6        IPv6 support
[ ] IPv6TLS     IPv6 support with SSL and TLS
[X] DB3         Berkeley DB3 (required if SASL also built with DB3)
[ ] DB40        Berkeley DB4.0 (required if SASL also built with DB4.0)
[ ] DB41        Berkeley DB4.1 (required if SASL also built with DB4.1)
[ ] MySQL       MySQL map lookups
[ ] PgSQL       PostgreSQL v7.3 map lookups
[ ] PgSQL72     PostgreSQL v7.2 map lookups
[ ] OpenLDAP12  OpenLDAP 1.2 map lookups
[ ] OpenLDAP20  OpenLDAP 2.0 map lookups
[ ] OpenLDAP21  OpenLDAP 2.1 map lookups
[ ] Test        SMTP/LMTP test server and generator
I checked the following in the Cyrus SASL options dialog:
Additional Cyrus SASL options
[ ] NDBM        ndbm DB
[X] DB3         Berkeley DB, revision 3
[ ] JAVA        JavaSASL [Experimental]
[ ] MySQL       MySQL password Authentication
[ ] OpenLDAP1   OpenLDAP 1.x password Authentication
[ ] OpenLDAP2   OpenLDAP 2.x password Authentication w/TLS
[ ] PWCHECK     Use pwcheck for password Authentication
[ ] PAMPWCHECK  Use pwcheck_pam for password Authentication
[X] SASLAUTHD   Use saslauthd for password Authentication
# make install
Press the [Enter] key at the following prompt to continue.
Added user "postfix".
You need user "postfix" added to group "mail".
Would you like me to add it [y]? <- Enter
I answered "y" [Enter] to the following prompt.
Would you like to activate Postfix in /etc/mail/mailer.conf [n]?
# make clean
Editing the configuration file (/usr/local/etc/postfix/main.cf)
# cd /usr/local/etc/postfix
# vi main.cf
Add or modify the following lines in main.cf so that:
- mail is stored in Maildir format;
- SMTP-AUTH is enabled.
myhostname = smtp.mydomain.com
mydomain = mydomain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, $mydomain
mynetworks = 192.168.0.0/24, 127.0.0.0/8
#relayhost = $mydomain
relayhost =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = -
home_mailbox = Maildir/
mail_spool_directory = /var/mail
smtpd_banner = $myhostname ESMTP $mail_name
#
# SMTP-AUTH
#
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
#broken_sasl_auth_clients = yes
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
html_directory = no
Setting the password for an SMTP-AUTH user
# /usr/local/sbin/saslpasswd -c user1
Password:
Again (for verification):
Creating /usr/local/lib/sasl/smtpd.conf
# vi /usr/local/lib/sasl/smtpd.conf
[Contents]
pwcheck_method: sasldb
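As an added example (not code from the original page), the Python script below parses a main.cf in the form used in this section, including Postfix's whitespace-indented continuation lines and $name expansion, and then walks smtpd_recipient_restrictions left to right the way smtpd does for the three restrictions this configuration uses. The sample main.cf embedded in the script is a constructed copy of this section's configuration that keeps the misspelled key smtpd_sal_local_domain, so the checker has something to report: Postfix does not abort on an unknown parameter name, it only logs a warning, so a typo like this silently disables the setting you think you turned on. The sample client addresses, the list of known SASL parameters and the wording of the findings are the example's own assumptions.

```python
import ipaddress
import re

# Constructed sample: this section's main.cf, keeping the misspelled key
# smtpd_sal_local_domain so that the checker has something to report.
SAMPLE_MAIN_CF = """\
myhostname = smtp.mydomain.com
mydomain = mydomain.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain
mynetworks = 192.168.0.0/24, 127.0.0.0/8
# SMTP-AUTH
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sal_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""

# Assumption: only the SASL parameters this page uses; a real checker
# would take the full list from `postconf`.
KNOWN_SASL_KEYS = {"smtpd_sasl_auth_enable", "smtpd_sasl_security_options",
                   "smtpd_sasl_local_domain", "broken_sasl_auth_clients"}

def parse_main_cf(text):
    """Return {parameter: value}. Whitespace-indented lines continue the
    previous value, '#' lines are comments, $name is expanded."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key is not None:
            params[key] += " " + line.strip()
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        params[key] = value.strip()
    for _ in range(5):  # a few passes resolve nested $references
        params = {k: re.sub(r"\$(\w+)", lambda m: params.get(m.group(1), ""), v)
                  for k, v in params.items()}
    return params

def split_list(value):
    """Postfix list values are separated by commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]

def suspicious_sasl_keys(params):
    """SASL-looking keys that are not real parameters. Postfix only logs
    a warning for an unknown parameter, so a typo silently disables it."""
    return sorted(k for k in params if (k.startswith("smtpd_sa") or "sasl" in k)
                  and k not in KNOWN_SASL_KEYS)

def evaluate_rcpt(params, client_ip, sasl_authenticated, recipient):
    """Walk smtpd_recipient_restrictions left to right, as smtpd does, and
    return the first decision; an exhausted list permits. Simplification:
    reject_unauth_destination checks only mydestination here."""
    networks = [ipaddress.ip_network(n) for n in split_list(params.get("mynetworks", ""))]
    local_domains = {d.lower() for d in split_list(params.get("mydestination", ""))}
    client = ipaddress.ip_address(client_ip)
    domain = recipient.rsplit("@", 1)[-1].lower()
    for restriction in split_list(params.get("smtpd_recipient_restrictions", "")):
        if restriction == "permit_mynetworks" and any(client in n for n in networks):
            return "PERMIT"
        if restriction == "permit_sasl_authenticated" and sasl_authenticated:
            return "PERMIT"
        if restriction == "reject_unauth_destination" and domain not in local_domains:
            return "REJECT"
    return "PERMIT"

def security_findings(params):
    """The checks a reviewer would run on this page's configuration."""
    findings = [f"unknown parameter {k}: probably a typo, Postfix ignores it"
                for k in suspicious_sasl_keys(params)]
    if "noplaintext" not in split_list(params.get("smtpd_sasl_security_options", "")):
        findings.append("noplaintext not set: PLAIN/LOGIN send the password in "
                        "cleartext unless the session is TLS-protected")
    if "reject_unauth_destination" not in split_list(
            params.get("smtpd_recipient_restrictions", "")):
        findings.append("reject_unauth_destination missing: open relay")
    return findings

if __name__ == "__main__":
    cfg = parse_main_cf(SAMPLE_MAIN_CF)
    for finding in security_findings(cfg):
        print("FINDING:", finding)
    # Constructed sample clients: (address, SASL-authenticated, recipient).
    for ip, authed, rcpt in [("203.0.113.5", False, "securitytest@abuse.net"),
                             ("192.168.0.10", False, "someone@example.org"),
                             ("203.0.113.5", True, "someone@example.org"),
                             ("203.0.113.5", False, "user1@mydomain.com")]:
        print(f"{ip} authenticated={authed} rcpt={rcpt} -> {evaluate_rcpt(cfg, ip, authed, rcpt)}")
```

Run directly, the script prints the findings and one decision per sample client: the outside unauthenticated client sending to abuse.net is rejected (the result the relay test below confirms), the 192.168.0.0/24 client relays without authenticating because permit_mynetworks comes first, the authenticated outside client relays, and inbound mail for mydomain.com is accepted. The noplaintext finding reflects that this build left the TLS port option unchecked, so a PLAIN or LOGIN authentication crosses the network unencrypted; shared-secret mechanisms such as CRAM-MD5, which sasldb supports, are not affected by noplaintext.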
Checking the mail server for open relaying
Following the 「鷹の巣」自宅サーバー site, I ran an open-relay check against the mail server. The check procedure is described there in detail, so only the results are shown here.
Open relay check results
Mail relay testing
Connecting to aaa.bbb.ccc.ddd for anonymous test ...
<<< 220 smtp.mydomain.com ESMTP Postfix
>>> HELO www.abuse.net
<<< 250 smtp.mydomain.com
Relay test 1
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 Ok
>>> RCPT TO:<securitytest@abuse.net>
<<< 554 <securitytest@abuse.net>: Relay access denied
Relay test 2
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest>
<<< 250 Ok
>>> RCPT TO:<securitytest@abuse.net>
<<< 554 <securitytest@abuse.net>: Relay access denied
Relay test 3
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<>
<<< 250 Ok
>>> RCPT TO:<securitytest@abuse.net>
<<< 554 <securitytest@abuse.net>: Relay access denied
Relay test 4
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<securitytest@abuse.net>
<<< 554 <securitytest@abuse.net>: Relay access denied
Relay test 5
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@smtp.mydomain.com>
<<< 250 Ok
>>> RCPT TO:<securitytest@abuse.net>
<<< 554 <securitytest@abuse.net>: Relay access denied
Relay test 6
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<securitytest%abuse.net@[aaa.bbb.ccc.ddd]>
<<< 554 <securitytest%abuse.net@[aaa.bbb.ccc.ddd]>: Relay access denied
Relay test 7
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<securitytest%abuse.net@smtp.mydomain.com>
<<< 554 <securitytest%abuse.net@smtp.mydomain.com>: Relay access denied
Relay test 8
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<"securitytest@abuse.net">
<<< 554 <securitytest@abuse.net>: Relay access denied
Relay test 9
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<"securitytest%abuse.net">
<<< 554 <securitytest%abuse.net>: Relay access denied
Relay test 10
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<securitytest@abuse.net@[aaa.bbb.ccc.ddd]>
<<< 554 <securitytest@abuse.net@[aaa.bbb.ccc.ddd]>: Relay access denied
Relay test 11
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<"securitytest@abuse.net"@[aaa.bbb.ccc.ddd]>
<<< 554 <securitytest@abuse.net@[aaa.bbb.ccc.ddd]>: Relay access denied
Relay test 12
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<securitytest@abuse.net@smtp.mydomain.com>
<<< 554 <securitytest@abuse.net@smtp.mydomain.com>: Relay access denied
Relay test 13
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<@[aaa.bbb.ccc.ddd]:securitytest@abuse.net>
<<< 554 <securitytest@abuse.net>: Relay access denied
Relay test 14
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<@smtp.mydomain.com:securitytest@abuse.net>
<<< 554 <securitytest@abuse.net>: Relay access denied
Relay test 15
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<abuse.net!securitytest>
<<< 554 <abuse.net!securitytest>: Relay access denied
Relay test 16
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<abuse.net!securitytest@[aaa.bbb.ccc.ddd]>
<<< 554 <abuse.net!securitytest@[aaa.bbb.ccc.ddd]>: Relay access denied
Relay test 17
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<abuse.net!securitytest@smtp.mydomain.com>
<<< 554 <abuse.net!securitytest@smtp.mydomain.com>: Relay access denied
Relay test result
All tests performed, no relays accepted.
As hoped, the server does not appear to act as an open relay: every RCPT TO for a foreign address was refused with 554 Relay access denied.
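A transcript this long is easy to misread by eye, and a single accepted RCPT TO among seventeen refusals is exactly what gets missed. As an added example (not a tool from this page or from the abuse.net service), the Python script below parses a transcript in the format shown above, pairs each RCPT TO command the tester sent with the first server reply that follows it, and lists every test whose foreign recipient was accepted with a 2xx code. The embedded sample is a constructed excerpt: two tests copied from the results above plus an invented test 99 in which the server accepts the recipient, so the checker has a failure to show.

```python
import re

# Constructed excerpt in the transcript format above: two tests copied
# from the page's results plus an invented test 99 whose recipient the
# server accepts, so the checker has a failure to report.
SAMPLE_TRANSCRIPT = """\
Mail relay testing
Connecting to aaa.bbb.ccc.ddd for anonymous test ...
<<< 220 smtp.mydomain.com ESMTP Postfix
>>> HELO www.abuse.net
<<< 250 smtp.mydomain.com
Relay test 1
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 Ok
>>> RCPT TO:<securitytest@abuse.net>
<<< 554 <securitytest@abuse.net>: Relay access denied
Relay test 6
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<securitytest%abuse.net@[aaa.bbb.ccc.ddd]>
<<< 554 <securitytest%abuse.net@[aaa.bbb.ccc.ddd]>: Relay access denied
Relay test 99
>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@[aaa.bbb.ccc.ddd]>
<<< 250 Ok
>>> RCPT TO:<securitytest@abuse.net>
<<< 250 Ok
"""

TEST_HEADER = re.compile(r"^Relay test (\d+)$")
RCPT_CMD = re.compile(r"^>>> RCPT TO:<(.*)>$")
SERVER_REPLY = re.compile(r"^<<< (\d{3})")

def parse_relay_tests(text):
    """Return [(test_number, recipient, reply_code)], pairing each RCPT TO
    the tester sent with the first server reply that follows it. Replies
    to HELO, RSET and MAIL FROM are not attached to any recipient."""
    results, test, pending = [], None, None
    for line in text.splitlines():
        if m := TEST_HEADER.match(line):
            test = int(m.group(1))
        elif m := RCPT_CMD.match(line):
            pending = m.group(1)
        elif pending is not None and (m := SERVER_REPLY.match(line)):
            results.append((test, pending, int(m.group(1))))
            pending = None
    return results

def accepted_relays(text):
    """Tests whose foreign recipient got a 2xx reply: each one is a relay
    the server agreed to perform."""
    return [(test, rcpt) for test, rcpt, code in parse_relay_tests(text)
            if 200 <= code < 300]

def relay_test_passed(text):
    """True only if at least one test ran and every RCPT TO was refused
    with a 5xx permanent error, matching 'no relays accepted' above."""
    results = parse_relay_tests(text)
    return bool(results) and all(500 <= code < 600 for _, _, code in results)

if __name__ == "__main__":
    for test, rcpt, code in parse_relay_tests(SAMPLE_TRANSCRIPT):
        print(f"test {test:>2}: {code} for RCPT TO:<{rcpt}>")
    print("accepted relays:", accepted_relays(SAMPLE_TRANSCRIPT))
    print("passed:", relay_test_passed(SAMPLE_TRANSCRIPT))
```

Feed it the full transcript above and relay_test_passed returns True, because all seventeen recipients were refused with 554; on the constructed sample it returns False and names test 99. A 4xx reply is also treated as a failure, since a temporary refusal says nothing about whether the relay would be accepted on retry.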
Consolidating mail on one server
When several mail servers run on the LAN, the following configuration forwards the daily reports and other mail from each of them to a single server.
Add or modify the following lines in /usr/local/etc/postfix/main.cf:
mydestination =
local_recipient_maps =
relayhost = [aaa.bbb.ccc.ddd]
fallback_transport = smtp:[aaa.bbb.ccc.ddd]
"aaa.bbb.ccc.ddd" is the IP address of the mail server that collects the mail.
The meaning of each line is as follows. Note that the explanation below is based on my own intuition and may contain mistakes; if so, please correct it.
Parameter: Description
mydestination: The host names or domain names this host accepts mail for. Nothing is specified here, so mail is relayed to the server given by relayhost.
local_recipient_maps: Controls how mail to unknown recipients is handled; by leaving it empty, mail to unknown recipients is processed.
relayhost: Specifies the default relay host.
fallback_transport: Specifies where mail for users not registered locally is forwarded.
Contents of main.cf (added 2004/11/23)
#
# /usr/local/etc/postfix/main.cf
#
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
#
myhostname = mail.server.domain
mydomain = server.domain
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, $mydomain,
    pc1.$mydomain, pc2.$mydomain,
    virtual.server.domain
mynetworks = 192.168.0.0/24, 127.0.0.0/8
relayhost =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = -
home_mailbox = Maildir/
mail_spool_directory = /var/mail
smtpd_banner = $myhostname ESMTP $mail_name
#
# SMTP-AUTH
#
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
#broken_sasl_auth_clients = yes
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
html_directory = no