Postfix でメールサーバー
Postfix をUbuntu 20.04 にインストールします。
Postfix install
apt install postfix
Internet Site を選び、メールドメインを設定する。
main.cf
vi /etc/postfix/main.cf
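myhostname = mail.mydomain.com
# Added line. main.cf only treats "#" as a comment at the start of a line,
# so the note sits here and not after the value, where it would be read as
# part of the network list.
# Clients in mynetworks are accepted by permit_mynetworks without
# authenticating, so keep the range as narrow as the LAN allows.
mynetworks = 192.168.0.0/16
mydestination =
# Without this, saving to the Sent folder appears to fail (the author is unsure).
home_mailbox = Maildir/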
Virtual mailbox domain を使う。
groupadd -g 5000 vmail
useradd -g 5000 -u 5000 -s /sbin/nologin -m vmail
chmod 700 /home/vmail
vmaildir にメールアドレスと保存先のペアを設定。
vi /etc/postfix/vmaildir
ast@mydomain.com mydomain.com/ast/Maildir/
test2@mydomain2.com mydomain2.com/test2/Maildir/
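# Rebuild the lookup table after every edit. The path has to be the file
# edited above and referenced by virtual_mailbox_maps (hash:/etc/postfix/vmaildir);
# the original command pointed at a misspelled file name.
postmap /etc/postfix/vmaildir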
main.cf に virtual_mailbox_domains を設定する。ここに並べるドメインは、vmaildir に書いたメールアドレスのドメインと一致させること。
# temp
home_mailbox = Maildir/
# Virtual Mailbox
virtual_mailbox_domains = qt-space.com, mydomains.com
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaildir
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
メール受信テスト。受信すると/home/vmail 以下にフォルダが作成される。
// 127.0.0.1 に向けて届くように一時的に詐称する
vi /etc/hosts
127.0.0.1 mail.mydomain.com mail.mydomain2.com
echo "TEST" | mail -s "test1" -r "ast@mydomain.com" "ast@mydomain.com"
less /var/log/mail.log
Virtual domain HELO
SMTP 送信時のHELO を、メール送信元ドメインに応じて変える(SPAM 対策)
vi /etc/postfix/sender_dependent_default_transport_maps
@mydomain.com out_mydomain_com:
@mydomain2.com out_mydomain2_com:
# convert
postmap /etc/postfix/sender_dependent_default_transport_maps
main.cf
vi /etc/postfix/main.cf
#Virtual Domain HELO
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_dependent_default_transport_maps
master.cf
vi /etc/postfix/master.cf
# Add (virtual domain helo)
out_mydomain_com unix - - n - - smtp -o smtp_helo_name=mail.mydomain.com
out_mydomain2_com unix - - n - - smtp -o smtp_helo_name=mail.mydomain2.com
Dovecot install
IMAP を使います。
apt install dovecot-imapd
dovecot.conf
vi /etc/dovecot/dovecot.conf
# Listen on all IPv4 ("*") and IPv6 ("::") addresses.
listen = *, ::
login_greeting = ready.
# Clients connecting from these ranges are treated as trusted: plaintext
# logins from them are allowed even with disable_plaintext_auth = yes.
# Keep the list limited to networks that are actually under your control.
login_trusted_networks = 127.0.0.1/8 192.168.0.0/16
10-mail.conf
vi /etc/dovecot/conf.d/10-mail.conf
# mail_location = mbox:~/mail:INBOX=/var/mail/%u
## /home/vmail/qt-space.com/ast/Maildir
mail_location = /home/vmail/%d/%n/Maildir:LAYOUT=fs
10-master.conf
vi /etc/dovecot/conf.d/10-master.conf
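service imap-login {
  # Port 143 starts unencrypted; a session is protected only after the
  # client issues STARTTLS.
  inet_listener imap {
    port = 143
  }
  # Port 993 is IMAP inside TLS from the first byte.
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}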
10-auth.conf
vi /etc/dovecot/conf.d/10-auth.conf
// プレーンテキスト認証は無効(login_trusted_networks, SSL/TLS は除く)
disable_plaintext_auth = yes
// 平文(PLAIN)及びCRAM-MD5 で認証。CRAM-MD5 を使うにはパスワードを CRAM-MD5 形式(ソルト無しの MD5 ベース)で保存する必要があり、より強いハッシュ方式を選べなくなる点に注意。
auth_mechanisms = plain cram-md5
#!include auth-system.conf.ext
!include auth-passwdfile.conf.ext
!include auth-static.conf.ext
認証に使うパスワードファイルの場所を設定します。
auth-passwdfile.conf.ext
vi /etc/dovecot/conf.d/auth-passwdfile.conf.ext
passdb {
driver = passwd-file
#args = scheme=CRYPT username_format=%u /etc/dovecot/users
args = scheme=CRAM-MD5 username_format=%u /etc/dovecot/passwd
}
userdb {
driver = passwd-file
#args = username_format=%u /etc/dovecot/users
# scheme=CRAM-MD5 を含めるとエラーになります!
args = username_format=%u /etc/dovecot/passwd
}
メールアカウントとパスワードを /etc/dovecot/passwd というファイルで管理します。認証情報が入るファイルなので、一般ユーザーから読めないパーミッションにしておきます。
doveadm pw -s CRAM-MD5
vi /etc/dovecot/passwd
test@qt-space.com:{CRAM-MD5}abcdefg0123456abcdefg0123456
auth-static.conf.ext
vi /etc/dovecot/conf.d/auth-static.conf.ext
userdb {
driver = static
#args = uid=vmail gid=vmail home=/home/%u
args = uid=vmail gid=vmail home=/home/vmail/%d/%n
}
SSL(Let's encrypt) を使う。
vi /etc/dovecot/conf.d/10-ssl.conf
ssl = yes
ssl_cert = </etc/postfix/keys/mail.mydomain.com/fullchain.pem
ssl_key = </etc/postfix/keys/mail.mydomain.com/privkey.pem
10-logging.conf
vi /etc/dovecot/conf.d/10-logging.conf
log_path = /var/log/dovecot/dovecot.log
# mkdir /var/log/dovecot
SMTP-AUTH を使う
main.cf
vi /etc/postfix/main.cf
#SMTP-AUTH
#smtpd default settings.
# Disable VRFY, which lets a client check whether a user exists.
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_type = dovecot
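# permit_mynetworks: accept if the client address is in $mynetworks
# permit_sasl_authenticated: accept if the client has authenticated with SASL
# reject_unauth_destination: reject unless the recipient domain is one this server delivers or relays for (this is what prevents an open relay)
# reject_unknown_sender_domain: reject if the sender domain does not exist in DNS
# reject_non_fqdn_sender: reject if the sender address is not fully qualified
# Anything not rejected above is accepted.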
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_unknown_sender_domain,reject_non_fqdn_sender
#broken_sasl_auth_clients = yes
10-master.conf
vi /etc/dovecot/conf.d/10-master.conf
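service auth {
  # Socket through which Postfix hands SMTP AUTH requests to Dovecot.
  unix_listener /var/spool/postfix/private/auth {
    # 0660 instead of 0666: the socket is owned by postfix:postfix below, so
    # no other local account needs to be able to talk to the auth service.
    # Assumes Postfix runs under its default "postfix" user and group.
    mode = 0660
    user = postfix
    group = postfix
  }
}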
Submission port 587 を使う
vi /etc/postfix/master.cf
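# Mail submission service for authenticated clients (port 587).
# Continuation lines in master.cf must start with whitespace; the "-o"
# lines are indented so they stay part of the submission entry.
# NOTE(review): nothing in this entry forces TLS. Unless main.cf or an extra
# "-o smtpd_tls_security_level=encrypt" makes it mandatory, STARTTLS stays
# optional on this port and AUTH is accepted on unencrypted sessions.
# NOTE(review): $mua_client_restrictions has to be defined in main.cf; it is
# not set in the excerpts shown here, so confirm it is not left empty.
submission inet n - y - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=$mua_client_restrictions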
SMTPS を使う
vi /etc/postfix/main.cf
#Offer STARTTLS to other MTAs connecting to Postfix ("may" = opportunistic, not required)
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_cert_file = /etc/postfix/keys/mail.mydomain.com/fullchain.pem
smtpd_tls_key_file = /etc/postfix/keys/mail.mydomain.com/privkey.pem
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_received_header = yes
master.cf
vi /etc/postfix/master.cf
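# SMTP over implicit TLS (the smtps service name normally maps to port 465).
# Continuation lines in master.cf must start with whitespace; the "-o"
# lines are indented so they stay part of the smtps entry.
# wrappermode: TLS is negotiated immediately on connect, before any SMTP command.
# The recipient restriction accepts mail only from SASL-authenticated
# clients on this port and rejects everything else.
smtps inet n - y - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject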