Table of contents
Postfix 
CentOS
Install
- yum install postfix
Setting
/etc/postfix/main.cf
- inet_interfaces = all が必要 (localhost のみの場合,locahost 以外の名前で接続できない)
- ブラックリスト
smtpd_client_restrictions = permit_mynetworks, reject_invalid_hostname, reject_rbl_client all.rbl.jp, reject_rbl_client bl.spamcop.net, # reject_rbl_client zen.spamhaus.org, permit
Submission port (587) with STARTTLS
証明書
- STARTTLS, SSL/TLS を使用するために秘密鍵とサーバ証明書が必要
- OpenSSL で作成する (例:private.key, server.crt)
openssl req -new -newkey rsa:2048 -days 3650 -nodes -keyout private.key -out server.csr openssl x509 -in server.csr -days 3650 -req -signkey private.key -out server.crt
/etc/postfix/main.cf
smtpd_tls_key_file = /etc/postfix/tls/private.key
smtpd_tls_cert_file = /etc/postfix/tls/server.crt
#
#
# SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
#smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination/etc/postfix/master.cf
submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
- smtpd_tls_security_level=may とすると TLSを使用しないモードも使用可能(危険)
firewalld
- firewall-cmd --add-service=smtp --permanent
- firewall-cmd --add-service=smtp-submission --permanent
- firewall-cmd --reload
SMTPS port (465) with SSL/TLS
sasl, TLS 関連は submission ポートに同じ
- Submission ポートと同時に動かすことも可能
/etc/postfix/master.cf
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
firewalld
- firewall-cmd --add-service=smtps --permanent
- firewall-cmd --reload
Counter: 1191,
today: 1,
yesterday: 1
Last-modified: 2019-08-18 (Sun) 01:50:13 (JST) (1723d) by iseki
