/etc/postfix/main.cf
- inet_interfaces = all が必要 (localhost のみの場合,locahost 以外の名前で接続できない)
- ブラックリスト
smtpd_client_restrictions = permit_mynetworks, reject_invalid_hostname, reject_rbl_client all.rbl.jp, reject_rbl_client bl.spamcop.net, # reject_rbl_client zen.spamhaus.org, permit
sasl
- sasl が必要
証明書
- STARTTLS, SSL/TLS を使用するために秘密鍵とサーバ証明書が必要
- OpenSSL で作成する (例:private.key, server.crt)
openssl req -new -newkey rsa:2048 -days 3650 -nodes -keyout private.key -out server.csr openssl x509 -in server.csr -days 3650 -req -signkey private.key -out server.crt
/etc/postfix/main.cf
smtpd_tls_key_file = /etc/postfix/tls/private.key smtpd_tls_cert_file = /etc/postfix/tls/server.crt # # # SASL smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous #smtpd_sasl_local_domain = $mydomain smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
/etc/postfix/master.cf
submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
- smtpd_tls_security_level=may とすると TLSを使用しないモードも使用可能(危険)
firewalld
- firewall-cmd --add-service=smtp --permanent
- firewall-cmd --add-service=smtp-submission --permanent
- firewall-cmd --reload
Counter: 1186,
today: 1,
yesterday: 0
最終更新: 2019-08-18 (日) 01:50:13 (JST) (1713d) by iseki