====== 13 CentOS6メール設定 ======
===== 1.環境 =====
注意: CentOS 6 は 2020年11月にサポートが終了しており、ここで使っている Postfix 2.9 系や PostfixAdmin 2.3 も現在は保守されていない。本ページは構築記録として残すもので、新規に構築する場合はサポート中の OS とバージョンに読み替え、各コンポーネントの脆弱性情報を自分で確認すること。
|CentOS 6.8|OS|
|postfix-2.9.5-1|MTA|
|postgrey-1.34-1|greylisting|
|amavisd-new-2.9.1-2|MTAとチェッカー (clamavや SpamAssassin) を結ぶ|
|clamav-0.99.2-1|ウィルススキャン|
|spamassassin-3.3.1-3|Spamチェック|
|dovecot-2.2.27-1|IMAP|
|Postfix Admin 2.3|Postfix管理UI|
===== 2.Postfix =====
ソースから下記のパッチを当ててビルドする。
注意: 以下の src.rpm とパッチ（後述の postgrey RPM と taRgrey パッチも同様）は外部サイトから平文の HTTP/FTP で取得している。取得後は rpm -K で署名を検証し、署名の無いパッチはハッシュの照合か内容の目視確認を行い、改ざんされていないことを確かめてから適用すること。
VDAパッチ: バーチャルドメイン環境にて、Maildir形式のメールボックスを使用する際に、Quotaがかからない問題対応
sleepパッチ: postgreyを利用する為のパッチ
==== インストール ====
=== Epelインストール ===
# yum install epel-release
=== ダウンロード ===
# cd /usr/local/src
# wget http://mirror.neu.edu.cn/CentALT/6/SRPMS/postfix-2.9.5-1.el6.src.rpm
# wget http://vda.sourceforge.net/VDA/postfix-vda-v11-2.9.5.patch
# wget http://k2net.hakuba.jp/pub/postfix-2.9-sleep.patch
=== インストール ===
# rpm -ivh postfix-2.9.5-1.el6.src.rpm
# cd ~/rpmbuild/SOURCES
# cp /usr/local/src/*.patch .
# cd ../SPECS/
# vi postfix.spec
------------------
(76行目に追加)
Patch0: postfix-2.6.1-files.patch
Patch1: postfix-alternatives.patch
Patch2: postfix-large-fs.patch
Patch3: postfix-2.9-sleep.patch
Patch4: postfix-vda-v11-2.9.5.patch
(152行目に追加)
%patch0 -p1 -b .files
%patch1 -p1 -b .alternatives
%patch2 -p1 -b .large-fs
%patch3 -p0 -b .sleep
%patch4 -p1 -b .vda
------------------
# cd ~
# yum install rpm-build
# rpmbuild -ba ~/rpmbuild/SPECS/postfix.spec
error: Failed build dependencies:
openldap-devel >= 2.0.27 is needed by postfix-2:2.9.5-1.el6.x86_64
cyrus-sasl-devel >= 2.1.10 is needed by postfix-2:2.9.5-1.el6.x86_64
pcre-devel is needed by postfix-2:2.9.5-1.el6.x86_64
mysql-devel is needed by postfix-2:2.9.5-1.el6.x86_64
postgresql-devel is needed by postfix-2:2.9.5-1.el6.x86_64
必要なパッケージ追加
# yum -y install openldap-devel pcre-devel postgresql-devel mysql-devel gcc
# rpmbuild -ba ~/rpmbuild/SPECS/postfix.spec
# rpm -Uvh ./rpmbuild/RPMS/x86_64/postfix-2.9.5-1.el6.x86_64.rpm
=== 自動アップデート除外 ===
手元でビルドした Postfix は yum のセキュリティ更新を受けなくなるので、Postfix のアドバイザリを自分で追跡し、必要に応じて再ビルドして入れ替える運用が前提になる。
# vi /etc/yum.conf
exclude=postfix*
=== 証明書を作成しておく ===
make で作られる mail.pem は自己署名証明書で、秘密鍵と証明書が同じファイルに入る（他ユーザーから読めないよう root 所有・0600 のままにしておく）。自己署名のためメールクライアントでは警告が出るので、実運用では CA 発行の証明書に差し替えること。
# cd /etc/pki/tls/certs/
# make mail.pem
# openssl x509 -in mail.pem -outform DER -out mail.der
==== 設定ファイル修正 ====
=== main.cf ===
最下に下記追加
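## mail size
# Maximum accepted message size in bytes. The original set this twice
# (10485760 here, 10240000 further down); Postfix keeps the last definition,
# so 10240000 was the effective value and is the one kept.
message_size_limit = 10240000
## SMTP auth (via Dovecot's SASL socket, see dovecot.conf "service auth")
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = $myhostname
# Never announce or accept AUTH on an unencrypted session: PLAIN/LOGIN would
# otherwise send the mailbox password in the clear on port 25 (and on 587
# while its TLS level is only "may").
smtpd_tls_auth_only = yes
## TLS certificate
# smtpd_tls_security_level is the current spelling of smtpd_use_tls = yes;
# "may" = opportunistic STARTTLS for inbound connections.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.pem
smtpd_tls_key_file = /etc/pki/tls/certs/mail.pem
# Runtime cache belongs under data_directory (/var/lib/postfix), not /etc.
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# Exclusion form. The original "TLSv1" is the inclusion form: it pinned the
# mandatory (encrypt) levels to TLS 1.0 only, disabling TLS 1.1/1.2. The
# *_tls_protocols settings govern the opportunistic ("may") levels, which
# the *_mandatory_* settings do not cover and which default to "!SSLv2" only.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
tls_daemon_random_source = dev:/dev/urandom
# Outbound TLS: opportunistic encryption to remote MTAs.
smtp_tls_security_level = may
## postgrey (taRgrey)
# Same chain at RCPT and DATA: taRgrey tarpits/greylists at DATA time.
# Continuation lines MUST start with whitespace. The policy-service address
# names the loopback address explicitly to match postgrey's
# --inet=127.0.0.1:60000 (the original "inet:60000" relied on resolving
# "localhost", which may map to ::1 first).
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_recipient_access hash:$config_directory/whitelist_recipient
    check_client_access hash:$config_directory/whitelist_client
    check_client_access regexp:$config_directory/permit_client_nots25r
    check_policy_service inet:127.0.0.1:60000
    permit
smtpd_data_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_recipient_access hash:$config_directory/whitelist_recipient
    check_client_access hash:$config_directory/whitelist_client
    check_client_access regexp:$config_directory/permit_client_nots25r
    check_policy_service inet:127.0.0.1:60000
    permit
## Virtual
# MySQL-backed virtual domains/mailboxes, delivered through the "procmail"
# pipe transport defined in master.cf. The mysql:*.cf map files below hold
# the database password: keep them root:postfix, mode 0640.
local_transport = virtual
#local_transport = $mydestination
transport_maps = hash:/etc/postfix/transport
mailbox_command = /usr/bin/procmail
virtual_transport = procmail
##virtual_transport = virtual
virtual_mailbox_base = /home/mail
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_alias_domains = $virtual_alias_maps
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
# All mailboxes are owned by one unprivileged uid/gid; Dovecot's user_query
# returns the same 10000/10000.
# NOTE(review): the procmail pipe in master.cf runs as user=mail, not uid
# 10000 — confirm which account actually owns /home/mail.
virtual_minimum_uid = 10000
virtual_uid_maps = static:10000
virtual_gid_maps = static:10000
mailbox_size_limit = 51200000
# Quota parameters provided by the VDA patch (ignored by unpatched Postfix).
virtual_mailbox_limit = 51200000
virtual_mailbox_limit_maps = hash:/etc/postfix/vquota
virtual_mailbox_limit_override = yes
virtual_overquota_bounce = yes
virtual_mailbox_limit_inbox = yes
## amavis
content_filter = smtp-amavis:[127.0.0.1]:10024
## RBL
# Defunct zones dropped: dynablock.wirehub.net and relays.ordb.org no longer
# exist. A dead zone either fails open or, if the domain is re-registered
# with a wildcard, rejects every client (ordb.org started listing everything
# after it shut down). "spamcop.net" is not a DNSBL zone; the list is served
# from bl.spamcop.net. Each lookup discloses the connecting IP to the list
# operator, which is the accepted trade-off for a public DNSBL.
smtpd_client_restrictions =
    permit_mynetworks,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client all.rbl.jp,
    reject_rbl_client sbl.spamhaus.org,
    permit
relayhost =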
=== Bounceメールをコピー ===
bounce メールもpostmasterへ送っておく。bounce クラスでは不達メールのヘッダーと、拒否時の SMTP セッションの記録が postmaster に届くため、送信者・宛先などの情報が含まれる。postmaster の転送先は管理者しか読めないメールボックスにしておくこと。
notify_classes = bounce,delay,policy,protocol,resource,software
デフォルト値
# postconf -d | grep notify_classes
notify_classes = resource, software
=== master.cf ===
== サブミッションポート(587)と、SMTPS(465)を開ける ==
下記修正
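# Submission (587). Only authenticated clients belong here, so STARTTLS is
# required before AUTH is even offered ("may" in the original left PLAIN/LOGIN
# credentials in the clear unless the client chose to encrypt). The recipient
# restrictions are overridden as well: the client restriction already rejects
# unauthenticated clients, but this keeps the port's policy independent of
# main.cf's permit_mynetworks. "-o" lines must be indented.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
# SMTPS (465): implicit TLS (wrapper mode), same authenticated-only policy.
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING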
== amavisと、procmailのmaster用意 ==
最下に下記追加
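# smtp-amavis:[127.0.0.1]:10024 — hand-off to amavisd. XFORWARD passes the
# original client identity so amavisd/SpamAssassin see the real remote IP
# instead of 127.0.0.1.
smtp-amavis unix -       -       n       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
# Re-injection listener, loopback only. mynetworks is overridden so only
# 127.0.0.0/8 may use it, every restriction list and the content filter are
# cleared to avoid a filter loop, and SASL (enabled globally in main.cf) is
# switched off here. smtpd_authorized_xforward_hosts is what actually makes
# the XFORWARD attributes sent above acceptable — its default is empty, so
# without it the client information is silently dropped.
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_sasl_auth_enable=no
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
# procmail
# Pipe transport used as virtual_transport in main.cf. No shell is involved
# (argv is exec'd directly) and pipe(8) filters ${user}/${nexthop} through
# command_expansion_filter, whose default set excludes shell metacharacters.
# NOTE(review): runs as user=mail while main.cf maps mailboxes to uid/gid
# 10000 (and Dovecot reads them as 10000) — confirm /home/mail ownership.
procmail  unix  -       n       n       -       -       pipe
  flags=R user=mail argv=/usr/bin/procmail -t -m USER=${user} DOMAIN=${nexthop} /etc/procmailrc
# End procmail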
=== /etc/procmailrc ===
# cat /etc/procmailrc
# Global procmail rc used by the "procmail" pipe transport in master.cf.
# USER and DOMAIN arrive from Postfix (${user} / ${nexthop}) as assignments
# before the rc file; procmail runs as the pipe's "user=" account.
SHELL=/bin/bash
# Minimal PATH for anything a recipe might exec.
PATH=/usr/bin:/bin
# Trailing "/" selects Maildir delivery. This layout has to stay in step with
# Dovecot's mail_location (maildir:/home/mail/%d/%u).
DEFAULT=/home/mail/$DOMAIN/$USER\@$DOMAIN/
# A single global semaphore for every delivery on the host, i.e. all
# deliveries are serialised rather than per-mailbox.
# NOTE(review): probably unintended — confirm.
LOCKFILE=/home/mail/procmail.lock
# With VERBOSE=on every recipe decision is logged here, together with the
# From/Subject abstract of each message; keep the file out of reach of
# mailbox users and rotate it.
LOGFILE=/home/mail/procmail.log
VERBOSE=on
# Example forwarding recipe (disabled).
##:0 c
##* ^From.*shinya.matsui@hogehoge.com
##! matsui.shinya@hogehoge2.com
===== 3.postgrey =====
=== ダウンロード ===
# wget ftp://fr2.rpmfind.net/linux/dag/redhat/el6/en/i386/dag/RPMS/postgrey-1.34-1.el6.rf.noarch.rpm
=== 必要なモジュールインストール ===
# yum --enablerepo=epel install perl-Net-DNS perl-BerkeleyDB perl-IO-Multiplex perl-Net-Server perl-Parse-Syslog
=== インストール ===
# rpm -ivh postgrey-1.34-1.el6.rf.noarch.rpm
=== パッチを当てる ===
[[http://k2net.hakuba.jp/targrey/]]
# cd /usr/sbin
# wget http://k2net.hakuba.jp/pub/targrey-0.31-postgrey-1.34.patch
# patch -p0 < targrey-0.31-postgrey-1.34.patch
=== taRgrey用Postfix設定ファイルダウンロード ===
# cd /usr/local/src/
# wget http://k2net.hakuba.jp/spam/postfix.conf.2.tar.gz
# tar zxvf postfix.conf.2.tar.gz
# cd postfix.conf.2
# rm *\.*
rm: remove regular file `ClamSMTP.master.cf'? y
rm: remove regular file `Rgrey.main.cf'? y
rm: remove regular file `taRgrey.main.cf'? y
# chown root:root ./*
# cp -a ./* /etc/postfix/
# postmap /etc/postfix/permit_client_nots25r
# postmap /etc/postfix/whitelist_recipient
# postmap /etc/postfix/whitelist_client
=== 起動設定変更 ===
# vi /etc/rc.d/init.d/postgrey
OPTIONS="--unix=$SOCKET"
↓ 以下に変更
OPTIONS="--dbdir=$DBPATH --inet=127.0.0.1:60000 --tarpit=125 --targrey --retry-count=2 --delay=3600"
=== 自動起動設定 ===
# chkconfig postgrey on
=== 自動アップデート除外 ===
# vi /etc/yum.conf
exclude=postgrey*
==== Postgreyのホワイトリスト ====
Postgreyのホワイトリストは、デフォルトで以下です。
--whitelist-clients=FILE デフォルト: /etc/postfix/postgrey_whitelist_clients
--whitelist-recipients=FILE デフォルト: /etc/postfix/postgrey_whitelist_recipients
[[https://prev.net-newbie.com/trans/postgrey.8.html]]
手動で追加する場合、以下に書き込みpostgreyのリロードが必要
/etc/postfix/postgrey_whitelist_clients.local
/etc/init.d/postgrey reload
===== 4.ClamAV =====
=== インストール ===
# yum --enablerepo=epel install clamd
=== ウィルス定義更新 ===
初回だけ先に更新しておく
# bash -x /etc/cron.daily/freshclam
=== ClamAV再起動 ===
amavisd用ClamAV起動
# service clamd.amavisd restart
=== 自動起動設定 ===
# chkconfig clamd.amavisd on
===== 5.Amavisd-new =====
=== インストール ===
# yum --enablerepo=epel install amavisd-new
=== 設定変更 ===
# vi /etc/amavisd/amavisd.conf
自分のドメインを設定
20 $mydomain = 'flateight.com'; # a convenient default for other settings
通知が来るよう修正
119 $virus_admin = "virusalert\@$mydomain"; # notifications recip.
120 $spam_admin = "spamalert\@$mydomain"; # notifications recip.
$final_spam_destiny = D_PASS; <- SPAMと判定したメールも通過させる
$sa_spam_subject_tag = '***SPAM*** '; <- SPAMと判定したメールの件名に追加させる文字列
#$final_bad_header_destiny = D_BOUNCE; ヘッダチェックをスルーする。(Blocked BAD-HEADER-0) D_BOUNCE にすると詐称された送信者アドレスへ不達通知（バックスキャッター）を送り付けることになるので、遮断したい場合は D_DISCARD を使う。
$final_bad_header_destiny = D_PASS;
=== Alias設定 ===
# vi /etc/aliases
下記追加
virusalert: root
spamalert: root
alias反映
# newaliases
=== Amavisd起動 ===
# service amavisd start
=== 自動起動設定 ===
# chkconfig amavisd on
===== 6.Spamassassin =====
=== インストール ===
# yum install spamassassin
=== 一度定義更新 ===
# bash -x /usr/share/spamassassin/sa-update.cron
=== Spamassassin起動 ===
# service spamassassin start
=== 自動起動 ===
# chkconfig spamassassin on
===== 7.Dovecot =====
=== インストール ===
wing リポジトリはサードパーティなので、事前にリポジトリ定義を用意し、入手元と署名鍵を確認しておくこと。
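# yum -y --enablerepo=epel install lz4
# yum -y --enablerepo=wing install dovecot dovecot-mysql
# (package name fixed: "cyrus_sasl_sql" with underscores is not a package;
#  it is cyrus-sasl-sql. With smtpd_sasl_type = dovecot in main.cf, Postfix
#  does not use Cyrus SASL at all, so these three appear to be unnecessary.)
# yum -y install cyrus-sasl-md5 cyrus-sasl-sql cyrus-sasl-plain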
=== 設定ファイル修正 ===
== /etc/dovecot/dovecot-mysql.conf ==
driver = mysql
# Passwords are stored in the clear (PostfixAdmin writes them with
# $CONF['encrypt'] = 'cleartext'). That is what lets digest-md5/cram-md5/apop
# work, at the cost of every mailbox password being readable by anyone with
# SELECT on the postfix database. Switching to MD5-CRYPT (or SHA512-CRYPT)
# here has to be done together with PostfixAdmin's encrypt setting, and
# existing cleartext rows must be re-hashed.
default_pass_scheme = PLAIN
#default_pass_scheme = MD5-CRYPT
# Contains the database password: keep this file root-owned and not
# world-readable. The account only needs SELECT on the mailbox table.
connect = dbname=postfix user=postfix host=/var/lib/mysql/mysql.sock password=xxpostfix
# Dovecot escapes %variables for the database before substitution.
password_query = SELECT password FROM mailbox WHERE username = '%u' AND active = '1'
# Fixed uid/gid must match Postfix virtual_uid_maps/virtual_gid_maps (10000).
user_query = SELECT concat('/home/mail/', maildir) as home, 10000 as uid, 10000 as gid FROM mailbox WHERE username = '%u' AND active = '1'
== /etc/dovecot/dovecot.conf ==
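# Verbose auth logging is useful; password logging is not —
# auth_debug_passwords writes the cleartext password of every login attempt
# into log_path. Both debug switches are off; auth_verbose still records
# failed logins.
auth_debug = no
auth_debug_passwords = no
# NOTE(review): digest-md5/cram-md5/apop can only be verified against a
# cleartext stored password, which is why dovecot-mysql.conf uses
# default_pass_scheme = PLAIN. Dropping them would allow hashed storage.
auth_mechanisms = plain login digest-md5 cram-md5 apop
auth_verbose = yes
mail_max_userip_connections = 20
# Mailboxes are owned by a single uid/gid (matches Postfix virtual_uid_maps).
# first_valid_uid was missing, which left the default of 500.
first_valid_uid = 10000
last_valid_uid = 10000
first_valid_gid = 10000
last_valid_gid = 10000
#listen = [::]
listen = *
log_path = /var/log/dovecot.log
mail_location = maildir:/home/mail/%d/%u
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocols = imap pop3
service auth {
  # Socket Postfix's smtpd uses for SASL (smtpd_sasl_path = private/auth).
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  # The SQL passdb does not need root; the original ran the auth process as
  # root, which is only required for passwd/shadow lookups.
  user = $default_internal_user
}
# Refuse PLAIN/LOGIN unless the connection is already TLS-protected, and
# require TLS for every client session.
disable_plaintext_auth = yes
ssl = required
# The original had an empty ssl_cert (the "<path" value was most likely lost
# in wiki rendering). Both point at the self-signed mail.pem created earlier,
# which holds key and certificate in one file — NOTE(review): confirm this
# Dovecot build accepts the combined file, otherwise split it. Replace with a
# CA-issued pair for real clients.
ssl_cert = </etc/pki/tls/certs/mail.pem
ssl_key = </etc/pki/tls/certs/mail.pem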
===== 8.MySQL =====
=== インストール ===
# yum install mysql-server
# chkconfig mysqld on
# service mysqld start
=== Postfix用のデータベース作成 ===
# mysql
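CREATE DATABASE postfix;
-- Postfix and Dovecot only ever SELECT from this database (virtual_*_maps,
-- password_query, user_query), so they do not get ALL PRIVILEGES.
GRANT SELECT ON postfix.* TO postfix@localhost IDENTIFIED BY 'xxpostfix';
-- PostfixAdmin (config.inc.php uses database_user = postfixadmin) creates the
-- tables and writes rows; it is the only account that needs full rights. The
-- original never created this account although config.inc.php refers to it.
GRANT ALL PRIVILEGES ON postfix.* TO postfixadmin@localhost IDENTIFIED BY 'hogeho';
-- 'xxpostfix' / 'hogeho' are placeholders: use strong, distinct passwords and
-- keep them out of world-readable config files.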
===== 9.PostfixAdminインストール =====
・ダウンロードURL http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin_2.3.tar.gz?use_mirror=jaist
# cd /usr/local/src
# wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin_2.3.tar.gz?use_mirror=jaist
# tar zxvf postfixadmin_2.3.tar.gz
# mv postfixadmin_2.3 /var/www/html/postfixadmin
# cd /var/www/html/postfixadmin
# vi config.inc.php
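// Settings changed in config.inc.php of PostfixAdmin 2.3 (file lines 26, 43,
// 49-53, 100-101, 130, 158-159).
$CONF['configured'] = true;
$CONF['default_language'] = 'ja';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
// This account must exist in MySQL: the GRANT in the MySQL section of this
// page only creates postfix@localhost, so either create postfixadmin@localhost
// with this password (full privileges on the postfix database are needed for
// the admin UI) or point these at the account you did create. Use a real
// password, not the placeholder.
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'hogeho';
$CONF['database_name'] = 'postfix';
// 'cleartext' stores every mailbox password unhashed in the mailbox table. It
// must match Dovecot's default_pass_scheme (PLAIN on this page); to move to
// hashed storage switch both sides together (md5crypt <-> MD5-CRYPT) and
// re-hash existing rows.
// $CONF['encrypt'] = 'md5crypt';
$CONF['encrypt'] = 'cleartext';
$CONF['page_size'] = '100';
$CONF['mailboxes'] = '100';
$CONF['maxquota'] = '300';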
=== URLからアクセス ===
http://[アドレス]/postfixadmin/setup.php
全部OKになっていればOKです。
PostfixAdmin は全メールボックスのパスワードを変更できる管理画面なので、平文 HTTP ではなく HTTPS で公開し、Apache 側で接続元 IP 制限や追加認証をかけて管理者以外からアクセスできないようにしておくこと。
setupパスワードを入力し、表示されたsetup_passwordを
config.inc.phpに入力する。
↓
管理者IDを作成する。
=== setup.phpを削除 ===
# rm /var/www/html/postfixadmin/setup.php
=== URLからアクセス ===
http://[アドレス]/postfixadmin
Web上からpostmaster宛とroot宛を転送するように設定。
===== 最終確認 =====
PostfixAdminからメールアカウントを作成し、メールの送受信を確認
・下記のウィルス・Spamのチェックを行ってみる
[[01_linux:03_mail:02_postfix_amavisd_clamav#ウィルスメールのテスト]]
{{tag> postfix mail spamassassin amavisd dovecot}}