3: 2019-08-16 (金) 14:23:47 iseki  |
現: 2019-08-18 (日) 01:50:13 iseki |
| | #br | | #br |
| | | | |
| - | **** STARTTLS [#fc318451] | + | **** 証明書 [#fc318451] |
| - | - STARTTLS を使用するために秘密鍵とサーバ証明書が必要 | + | - STARTTLS, SSL/TLS を使用するために秘密鍵とサーバ証明書が必要 |
| | - [[OpenSSL]] で作成する (例:private.key, server.crt) | | - [[OpenSSL]] で作成する (例:private.key, server.crt) |
| | openssl req -new -newkey rsa:2048 -days 3650 -nodes -keyout private.key -out server.csr | | openssl req -new -newkey rsa:2048 -days 3650 -nodes -keyout private.key -out server.csr |
| | smtpd_tls_key_file = /etc/postfix/tls/private.key | | smtpd_tls_key_file = /etc/postfix/tls/private.key |
| | smtpd_tls_cert_file = /etc/postfix/tls/server.crt | | smtpd_tls_cert_file = /etc/postfix/tls/server.crt |
| | + | |
| | # | | # |
| | # | | # |
| | - firewall-cmd --add-service=smtp --permanent | | - firewall-cmd --add-service=smtp --permanent |
| | - firewall-cmd --add-service=smtp-submission --permanent | | - firewall-cmd --add-service=smtp-submission --permanent |
| | + | - firewall-cmd --reload |
| | + | #br |
| | + | |
| | + | *** SMTPS port (465) with SSL/TLS [#ic4e55f9] |
| | + | **** sasl, TLS 関連は submission ポートに同じ [#ld495188] |
| | + | - Submission ポートと同時に動かすことも可能 |
| | + | #br |
| | + | |
| | + | **** /etc/postfix/master.cf [#m373862e] |
| | + | smtps inet n - n - - smtpd |
| | + | -o smtpd_tls_wrappermode=yes |
| | + | -o smtpd_sasl_auth_enable=yes |
| | + | -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject |
| | + | #br |
| | + | |
| | + | **** firewalld [#c5d01289] |
| | + | - firewall-cmd --add-service=smtps --permanent |
| | - firewall-cmd --reload | | - firewall-cmd --reload |
| | #br | | #br |
