| Component | Role |
|---|---|
| CentOS 6.8 | OS |
| postfix-2.9.5-1 | MTA |
| postgrey-1.34-1 | greylisting |
| amavisd-new-2.9.1-2 | glue between the MTA and the checkers (clamav, SpamAssassin) |
| clamav-0.99.2-1 | virus scanning |
| spamassassin-3.3.1-3 | spam checking |
| dovecot-2.2.27-1 | IMAP |
| Postfix Admin 2.3 | Postfix administration UI |
Postfix is built from source with the following patches applied.

- VDA patch: fixes the problem that quota is not enforced when Maildir-format mailboxes are used in a virtual domain environment.
- sleep patch: patch required in order to use postgrey.
```
# yum install epel-release
# cd /usr/local/src
# wget http://mirror.neu.edu.cn/CentALT/6/SRPMS/postfix-2.9.5-1.el6.src.rpm
# wget http://vda.sourceforge.net/VDA/postfix-vda-v11-2.9.5.patch
# wget http://k2net.hakuba.jp/pub/postfix-2.9-sleep.patch
# rpm -ivh postfix-2.9.5-1.el6.src.rpm
# cd ~/rpmbuild/SOURCES
# cp /usr/local/src/*.patch .
# cd ../SPECS/
# vi postfix.spec
```

Edit the spec file as follows:

```
------------------
(add at line 76)
Patch0: postfix-2.6.1-files.patch
Patch1: postfix-alternatives.patch
Patch2: postfix-large-fs.patch
Patch3: postfix-2.9-sleep.patch
Patch4: postfix-vda-v11-2.9.5.patch
(add at line 152)
%patch0 -p1 -b .files
%patch1 -p1 -b .alternatives
%patch2 -p1 -b .large-fs
%patch3 -p0 -b .sleep
%patch4 -p1 -b .vda
------------------
```

Build the RPM. The first attempt fails on missing build dependencies:

```
# cd ~
# yum install rpm-build
# rpmbuild -ba ~/rpmbuild/SPECS/postfix.spec
error: Failed build dependencies:
	openldap-devel >= 2.0.27 is needed by postfix-2:2.9.5-1.el6.x86_64
	cyrus-sasl-devel >= 2.1.10 is needed by postfix-2:2.9.5-1.el6.x86_64
	pcre-devel is needed by postfix-2:2.9.5-1.el6.x86_64
	mysql-devel is needed by postfix-2:2.9.5-1.el6.x86_64
	postgresql-devel is needed by postfix-2:2.9.5-1.el6.x86_64
```

Install the required packages (every package named in the error above, including cyrus-sasl-devel), then build and install:

```
# yum -y install openldap-devel cyrus-sasl-devel pcre-devel postgresql-devel mysql-devel gcc
# rpmbuild -ba ~/rpmbuild/SPECS/postfix.spec
# rpm -Uvh ./rpmbuild/RPMS/x86_64/postfix-2.9.5-1.el6.x86_64.rpm
```
Exclude postfix from yum updates so the patched build is not replaced by the stock package:

```
# vi /etc/yum.conf
exclude=postfix*
```
Create the self-signed certificate and key (one PEM file) used below by both Postfix and Dovecot:

```
# cd /etc/pki/tls/certs/
# make mail.pem
# openssl x509 -in mail.pem -outform DER -out mail.der
```
Append the following at the end of /etc/postfix/main.cf:

```
## mail size
message_size_limit = 10485760
## SMTP auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = $myhostname
## certificate
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.pem
smtpd_tls_key_file = /etc/pki/tls/certs/mail.pem
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
smtpd_tls_mandatory_protocols=TLSv1
smtp_tls_mandatory_protocols=TLSv1
tls_daemon_random_source = dev:/dev/urandom
# client-side (outbound) TLS
smtp_tls_security_level = may
## postgrey
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_recipient_access hash:$config_directory/whitelist_recipient
    check_client_access hash:$config_directory/whitelist_client
    check_client_access regexp:$config_directory/permit_client_nots25r
    check_policy_service inet:60000
    permit
smtpd_data_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_recipient_access hash:$config_directory/whitelist_recipient
    check_client_access hash:$config_directory/whitelist_client
    check_client_access regexp:$config_directory/permit_client_nots25r
    check_policy_service inet:60000
    permit
## Virtual
local_transport = virtual
#local_transport = $mydestination
transport_maps = hash:/etc/postfix/transport
mailbox_command = /usr/bin/procmail
virtual_transport = procmail
##virtual_transport = virtual
virtual_mailbox_base = /home/mail
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_alias_domains = $virtual_alias_maps
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 10000
virtual_uid_maps = static:10000
virtual_gid_maps = static:10000
mailbox_size_limit = 51200000
message_size_limit = 10240000
virtual_mailbox_limit = 51200000
virtual_mailbox_limit_maps = hash:/etc/postfix/vquota
virtual_mailbox_limit_override = yes
virtual_overquota_bounce = yes
virtual_mailbox_limit_inbox = yes
## amavis
content_filter=smtp-amavis:[127.0.0.1]:10024
## RBL
smtpd_client_restrictions = permit_mynetworks,
#reject_rbl_client relays.ordb.org,
    reject_rbl_client spamcop.net,
    reject_rbl_client dynablock.wirehub.net,
    reject_rbl_client all.rbl.jp,
#reject_rbl_client opm.blitzed.org,
#reject_rbl_client relays.ordb.org,
#reject_rbl_client relays.visi.com,
    reject_rbl_client sbl.spamhaus.org,
    permit
relayhost =
```
Also have bounce notifications sent to postmaster:

```
notify_classes = bounce,delay,policy,protocol,resource,software
```

For reference, the default value is:

```
# postconf -d | grep notify_classes
notify_classes = resource, software
```
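As an added check (example code written for this page, not part of the original nor of Postfix itself), the POSIX shell script below folds a main.cf into logical lines and flags three things that can be seen in the configuration above: a parameter assigned twice (Postfix keeps only the last assignment, so the second message_size_limit is the one in force), mandatory-TLS protocol lists written in inclusion form (smtpd_tls_mandatory_protocols=TLSv1 permits only TLS 1.0 on sessions where TLS is mandatory; the exclusion form, for example !SSLv2, !SSLv3, keeps newer versions available), and the position of reject_unauth_destination relative to check_policy_service. The sample main.cf it runs on is constructed from the lines above; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original page: an offline audit of a Postfix
# main.cf for the settings this page adds. Assumption: the file uses the usual
# "parameter = value" syntax with whitespace-indented continuation lines, and
# only whole-line "#" comments (a "#" inside a value is not a comment in main.cf).

# fold_main_cf FILE: emit one "parameter=value" line per logical line, with
# continuation lines joined and comment/blank lines skipped.
fold_main_cf() {
  awk '
    /^[[:space:]]*#/ { next }                    # comment line
    /^[[:space:]]*$/ { next }                    # blank line
    /^[[:space:]]/   { cur = cur " " $0; next }  # indented line continues the previous one
    { if (cur != "") print cur; cur = $0 }
    END { if (cur != "") print cur }
  ' "$1" | sed 's/[[:space:]]*=[[:space:]]*/=/'
}

# get_param CFG KEY: last value assigned to KEY (Postfix keeps the last one)
get_param() {
  printf '%s\n' "$1" | awk -v k="$2" -F= '$1 == k { v = substr($0, index($0, "=") + 1) } END { print v }'
}

# audit_main_cf FILE: print one finding per line (no output = nothing found)
audit_main_cf() {
  cfg=$(fold_main_cf "$1")

  # 1. Parameters assigned more than once: Postfix silently keeps the last
  #    value, so an earlier limit (e.g. message_size_limit) is not what is enforced.
  for dup in $(printf '%s\n' "$cfg" | cut -d= -f1 | sort | uniq -d); do
    echo "duplicate parameter: $dup (the last assignment wins)"
  done

  # 2. A mandatory-TLS protocol list written without "!" is an inclusion list:
  #    "TLSv1" allows only TLS 1.0 on sessions where TLS is required.
  for p in smtpd_tls_mandatory_protocols smtp_tls_mandatory_protocols; do
    v=$(get_param "$cfg" "$p")
    case "$v" in
      '' | *'!'*) ;;   # unset (Postfix default) or exclusion syntax: fine
      *TLSv1.2*) ;;    # inclusion list that still permits TLS 1.2
      *) echo "$p=$v: inclusion list, only the named protocol(s) are allowed when TLS is mandatory" ;;
    esac
  done

  # 3. Relay control: reject_unauth_destination must be present and must come
  #    before check_policy_service, otherwise a policy daemon answering OK
  #    could authorise relaying for domains this host does not serve.
  rr=$(get_param "$cfg" smtpd_recipient_restrictions)
  if [ -n "$rr" ]; then
    case "$rr" in
      *reject_unauth_destination*)
        case "${rr%%check_policy_service*}" in
          *reject_unauth_destination*) ;;
          *) echo "smtpd_recipient_restrictions: check_policy_service runs before reject_unauth_destination" ;;
        esac ;;
      *) echo "smtpd_recipient_restrictions: reject_unauth_destination missing (open relay risk)" ;;
    esac
  fi
}

# Constructed sample reproducing the relevant lines of the main.cf above
# (not a real server's file).
SAMPLE_MAIN_CF='## mail size
message_size_limit = 10485760
## certificate
smtpd_use_tls = yes
smtpd_tls_mandatory_protocols=TLSv1
smtp_tls_mandatory_protocols=TLSv1
## postgrey
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_policy_service inet:60000
    permit
## Virtual
message_size_limit = 10240000'

# write_sample PATH: store the constructed sample where the audit can read it
write_sample() { printf '%s\n' "$SAMPLE_MAIN_CF" > "$1"; }

# Stand-alone run: list the findings for the sample (three are expected)
tmp=$(mktemp)
write_sample "$tmp"
audit_main_cf "$tmp"
rm -f "$tmp"
```

Run it against the live file with `audit_main_cf /etc/postfix/main.cf`; empty output means none of the three checks fired. On the server itself, `postconf -n` prints the effective values and is the quickest way to confirm which message_size_limit won.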
In /etc/postfix/master.cf, change the submission and smtps entries as follows:

```
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
```
Append the following at the end of /etc/postfix/master.cf (the amavisd content filter, its re-injection listener on port 10025, and the procmail transport):

```
# smtp-amavis:[127.0.0.1]:10024
smtp-amavis unix -      -       n       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
# procmail
procmail  unix  -       n       n       -       -       pipe
  flags=R user=mail argv=/usr/bin/procmail -t -m USER=${user} DOMAIN=${nexthop} /etc/procmailrc
# End procmail
```
```
# cat /etc/procmailrc
SHELL=/bin/bash
PATH=/usr/bin:/bin
DEFAULT=/home/mail/$DOMAIN/$USER\@$DOMAIN/
LOCKFILE=/home/mail/procmail.lock
LOGFILE=/home/mail/procmail.log
VERBOSE=on
##:0 c
##* ^From.*shinya.matsui@hogehoge.com
##! matsui.shinya@hogehoge2.com
```
Install postgrey and its Perl dependencies:

```
# wget ftp://fr2.rpmfind.net/linux/dag/redhat/el6/en/i386/dag/RPMS/postgrey-1.34-1.el6.rf.noarch.rpm
# yum --enablerepo=epel install perl-Net-DNS perl-BerkeleyDB perl-IO-Multiplex perl-Net-Server perl-Parse-Syslog
# rpm -ivh postgrey-1.34-1.el6.rf.noarch.rpm
```
Apply the targrey patch (http://k2net.hakuba.jp/targrey/):

```
# cd /usr/sbin
# wget http://k2net.hakuba.jp/pub/targrey-0.31-postgrey-1.34.patch
# patch -p0 < targrey-0.31-postgrey-1.34.patch
```
Install the accompanying access tables (whitelist_recipient, whitelist_client, permit_client_nots25r) into /etc/postfix:

```
# cd /usr/local/src/
# wget http://k2net.hakuba.jp/spam/postfix.conf.2.tar.gz
# tar zxvf postfix.conf.2.tar.gz
# cd postfix.conf.2
# rm *\.*
rm: remove regular file `ClamSMTP.master.cf'? y
rm: remove regular file `Rgrey.main.cf'? y
rm: remove regular file `taRgrey.main.cf'? y
# chown root:root ./*
# cp -a ./* /etc/postfix/
# postmap /etc/postfix/permit_client_nots25r
# postmap /etc/postfix/whitelist_recipient
# postmap /etc/postfix/whitelist_client
```
Change the daemon options in the init script from the UNIX socket to the TCP listener that main.cf points at (inet:60000), with targrey enabled:

```
# vi /etc/rc.d/init.d/postgrey
OPTIONS="--unix=$SOCKET"
```

change to

```
OPTIONS="--dbdir=$DBPATH --inet=127.0.0.1:60000 --tarpit=125 --targrey --retry-count=2 --delay=3600"
```

Enable the service and exclude the package from yum updates so the patched binary is not overwritten:

```
# chkconfig postgrey on
# vi /etc/yum.conf
exclude=postgrey*
```
Postgrey's whitelists default to the following files:

```
--whitelist-clients=FILE      default: /etc/postfix/postgrey_whitelist_clients
--whitelist-recipients=FILE   default: /etc/postfix/postgrey_whitelist_recipients
```

https://prev.net-newbie.com/trans/postgrey.8.html

To add entries by hand, write them to the file below and reload postgrey:

```
/etc/postfix/postgrey_whitelist_clients.local
# /etc/init.d/postgrey reload
```
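With --targrey, --tarpit=125, --retry-count=2 and --delay=3600 in place, the mail log is where you confirm that the daemon is actually greylisting and that legitimate senders come back. The script below is an added example written for this page (not postgrey's code and not the original author's); it assumes postgrey's `action=..., reason=..., client_address=...` log line format and runs on constructed sample lines, so adjust the grep pattern if the syslog lines on your host differ.

```shell
#!/bin/sh
# Added example, not part of the original page: summarise postgrey decisions
# from a mail log. Assumption: lines follow postgrey's "action=..., reason=...,
# client_address=..." logging as written to /var/log/maillog.

# Constructed sample log lines (not from a real server): two clients are
# greylisted, one of them retries and passes, a whitelisted client passes at once.
SAMPLE_MAILLOG='Feb  1 10:00:01 mail postgrey[2201]: action=greylist, reason=new, client_name=unknown, client_address=192.0.2.10, sender=x@example.net, recipient=user@example.com
Feb  1 10:05:12 mail postgrey[2201]: action=greylist, reason=new, client_name=unknown, client_address=198.51.100.7, sender=y@example.org, recipient=user@example.com
Feb  1 11:06:40 mail postgrey[2201]: action=pass, reason=triplet found, client_name=unknown, client_address=192.0.2.10, sender=x@example.net, recipient=user@example.com
Feb  1 11:10:03 mail postgrey[2201]: action=pass, reason=client whitelist, client_name=mx.example.com, client_address=203.0.113.5, sender=z@example.com, recipient=user@example.com'

# write_sample_log PATH: store the constructed sample where the functions can read it
write_sample_log() { printf '%s\n' "$SAMPLE_MAILLOG" > "$1"; }

# postgrey_summary LOG: number of lines per "action reason" pair, most frequent first
postgrey_summary() {
  grep 'postgrey\[' "$1" \
    | sed -n 's/.*action=\([a-z]*\), reason=\([^,]*\),.*/\1 \2/p' \
    | sort | uniq -c | sort -rn
}

# never_passed LOG: client addresses that were greylisted and never came back
# to pass (the usual signature of one-shot spam senders); prints "address count"
never_passed() {
  grep 'postgrey\[' "$1" | awk '
    match($0, /action=[a-z]+/)                 { a = substr($0, RSTART + 7, RLENGTH - 7) }
    match($0, /client_address=[0-9a-fA-F.:]+/) { c = substr($0, RSTART + 15, RLENGTH - 15) }
    a == "greylist" { grey[c]++ }
    a == "pass"     { pass[c]++ }
    END { for (c in grey) if (!(c in pass)) print c, grey[c] }
  ' | sort
}

# Stand-alone run on the constructed sample
tmp=$(mktemp)
write_sample_log "$tmp"
echo "== decisions =="
postgrey_summary "$tmp"
echo "== greylisted, never returned =="
never_passed "$tmp"
rm -f "$tmp"
```

`never_passed /var/log/maillog` lists addresses that were greylisted and did not return within the log window: a long list of such clients is what greylisting is expected to produce, while a legitimate mail exchanger that shows up there is a candidate for postgrey_whitelist_clients.local.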
```
# yum --enablerepo=epel install clamd
```

Update the virus signatures once by hand before the first start:

```
# bash -x /etc/cron.daily/freshclam
```

Start the ClamAV instance used by amavisd:

```
# service clamd.amavisd restart
# chkconfig clamd.amavisd on
```
```
# yum --enablerepo=epel install amavisd-new
# vi /etc/amavisd/amavisd.conf
```

Set your own domain (the numbers are line numbers in amavisd.conf):

```
20 $mydomain = 'flateight.com';   # a convenient default for other settings
```

Change the notification recipients so that alerts are delivered:

```
119 $virus_admin = "virusalert\@$mydomain";  # notifications recip.
120 $spam_admin = "spamalert\@$mydomain";  # notifications recip.
```

Let mail judged as spam through, tagged in the subject, and pass the header check instead of bouncing (otherwise mail is blocked with BAD-HEADER-0):

```
$final_spam_destiny = D_PASS;           # deliver mail judged as spam anyway
$sa_spam_subject_tag = '***SPAM*** ';   # string prepended to the subject of mail judged as spam
#$final_bad_header_destiny = D_BOUNCE;
$final_bad_header_destiny = D_PASS;     # skip the header check (Blocked BAD-HEADER-0)
```

Add the alert recipients to /etc/aliases and rebuild the alias database:

```
# vi /etc/aliases
virusalert: root
spamalert: root
# newaliases
```

```
# service amavisd start
# chkconfig amavisd on
```
```
# yum install spamassassin
# bash -x /usr/share/spamassassin/sa-update.cron
# service spamassassin start
# chkconfig spamassassin on
```
```
# yum -y --enablerepo=epel install lz4
# yum -y --enablerepo=wing install dovecot dovecot-mysql
# yum -y install cyrus-sasl-md5 cyrus-sasl-sql cyrus-sasl-plain
```
Create /etc/dovecot/dovecot-mysql.conf (referenced by the passdb and userdb blocks below):

```
driver = mysql
default_pass_scheme = PLAIN
#default_pass_scheme = MD5-CRYPT
connect = dbname=postfix user=postfix host=/var/lib/mysql/mysql.sock password=xxpostfix
password_query = SELECT password FROM mailbox WHERE username = '%u' AND active = '1'
user_query = SELECT concat('/home/mail/', maildir) as home, 10000 as uid, 10000 as gid FROM mailbox WHERE username = '%u' AND active = '1'
```
Dovecot settings:

```
auth_debug = yes
# auth_debug_passwords writes the submitted passwords to log_path in clear text;
# it is a debugging aid for the initial setup, not a setting to leave on in service.
auth_debug_passwords = yes
auth_mechanisms = plain login digest-md5 cram-md5 apop
auth_verbose = yes
mail_max_userip_connections = 20
first_valid_gid = 10000
last_valid_uid = 10000
#listen = [::]
listen = *
log_path = /var/log/dovecot.log
mail_location = maildir:/home/mail/%d/%u
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
ssl_cert = </etc/pki/tls/certs/mail.pem
#ssl_cipher_list = ALL:!LOW:!SSLv2
#ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL
ssl_protocols = !SSLv2 !SSLv3
ssl_key = </etc/pki/tls/certs/mail.pem
userdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
verbose_ssl = yes
protocol lda {
  postmaster_address = postmaster@example.com
}
```
```
# yum install mysql-server
# chkconfig mysqld on
# service mysqld start
```

```
# mysql
mysql> create database postfix;
mysql> grant all privileges on postfix.* to postfix@localhost identified by 'xxpostfix';
```
```
# cd /usr/local/src
# wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin_2.3.tar.gz?use_mirror=jaist
# tar zxvf postfixadmin_2.3.tar.gz
# mv postfixadmin_2.3 /var/www/html/postfixadmin
# cd /var/www/html/postfixadmin
# vi config.inc.php
```

Edit config.inc.php (numbers are line numbers in the file). database_user and database_password must belong to a MySQL account that has privileges on the postfix database, and the encrypt setting must match default_pass_scheme in dovecot-mysql.conf (cleartext here corresponds to PLAIN):

```
26 $CONF['configured'] = true;
43 $CONF['default_language'] = 'ja';
49 $CONF['database_type'] = 'mysqli';
50 $CONF['database_host'] = 'localhost';
51 $CONF['database_user'] = 'postfixadmin';
52 $CONF['database_password'] = 'hogeho';
53 $CONF['database_name'] = 'postfix';
100 // $CONF['encrypt'] = 'md5crypt';
101 $CONF['encrypt'] = 'cleartext';   // passwords are stored unhashed in the mailbox table
130 $CONF['page_size'] = '100';
158 $CONF['mailboxes'] = '100';
159 $CONF['maxquota'] = '300';
```
Open http://[address]/postfixadmin/setup.php. If every check shows OK, the installation is fine. Enter a setup password, then copy the setup_password value it displays into config.inc.php, and create an administrator account.

Remove the setup script once the administrator account exists:

```
# rm /var/www/html/postfixadmin/setup.php
```

Open http://[address]/postfixadmin and, from the web UI, configure forwarding for mail addressed to postmaster and root.

Create a mail account from PostfixAdmin and confirm that mail can be sent and received.
- Try the virus and spam checks below.

Virus mail test