2: 2011-03-22 (火) 03:22:41 iseki |
3: 2019-08-16 (金) 14:23:47 iseki |
| * Postfix [#v565bc6c] | | * Postfix [#v565bc6c] |
| | | |
- | ** for CentOS [#n4ac1e04] | + | ** CentOS [#n4ac1e04] |
| *** Install [#l28b20db] | | *** Install [#l28b20db] |
| - yum install postfix | | - yum install postfix |
| | | |
| *** Setting [#h14f179c] | | *** Setting [#h14f179c] |
- | - /etc/postfix/main.cf で | + | **** /etc/postfix/main.cf [#yb5c96bb] |
- | inet_interfaces = all | + | - ''inet_interfaces = all'' が必要 (localhost のみの場合,locahost 以外の名前で接続できない) |
- | が必要 (localhost のみの場合,locahost 以外の名前で接続できない) | + | - ブラックリスト |
| + | smtpd_client_restrictions = permit_mynetworks, |
| + | reject_invalid_hostname, |
| + | reject_rbl_client all.rbl.jp, |
| + | reject_rbl_client bl.spamcop.net, |
| + | # reject_rbl_client zen.spamhaus.org, |
| + | permit |
| + | |
| + | *** Submission port (587) with STARTTLS [#iab6fcd3] |
| + | **** sasl [#jed4de18] |
| + | - [[sasl>Cryrus SASL]] が必要 |
| + | #br |
| + | |
| + | **** STARTTLS [#fc318451] |
| + | - STARTTLS を使用するために秘密鍵とサーバ証明書が必要 |
| + | - [[OpenSSL]] で作成する (例:private.key, server.crt) |
| + | openssl req -new -newkey rsa:2048 -days 3650 -nodes -keyout private.key -out server.csr |
| + | openssl x509 -in server.csr -days 3650 -req -signkey private.key -out server.crt |
| + | |
| + | **** /etc/postfix/main.cf [#j00f8ef7] |
| + | smtpd_tls_key_file = /etc/postfix/tls/private.key |
| + | smtpd_tls_cert_file = /etc/postfix/tls/server.crt |
| + | |
| + | # |
| + | # |
| + | # SASL |
| + | smtpd_sasl_auth_enable = yes |
| + | smtpd_sasl_security_options = noanonymous |
| + | #smtpd_sasl_local_domain = $mydomain |
| + | smtpd_recipient_restrictions = |
| + | permit_mynetworks, |
| + | permit_sasl_authenticated, |
| + | reject_unauth_destination |
| + | |
| + | **** /etc/postfix/master.cf [#m373862e] |
| + | submission inet n - n - - smtpd |
| + | -o smtpd_tls_security_level=encrypt |
| + | -o smtpd_sasl_auth_enable=yes |
| + | -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject |
| + | - smtpd_tls_security_level=may とすると TLSを使用しないモードも使用可能(危険) |
| + | #br |
| + | |
| + | **** firewalld [#vbb8556a] |
| + | - firewall-cmd --add-service=smtp --permanent |
| + | - firewall-cmd --add-service=smtp-submission --permanent |
| + | - firewall-cmd --reload |
| + | #br |
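Review bot: The added main.cf block sets `smtpd_sasl_auth_enable = yes` globally, so AUTH is also offered on port 25, and nothing visible there requires TLS before authentication. The `smtpd_tls_security_level=encrypt` override in master.cf applies only to the submission service. Adding `smtpd_tls_auth_only = yes` to main.cf, or dropping the SASL lines from main.cf and keeping them only as `-o` overrides on submission, would stop credentials being accepted in cleartext; the main.cf excerpt looks abridged, so this may already be set outside what is shown. The key generated with `-nodes` is stored unencrypted, so the STARTTLS section should also tell the reader to restrict it, e.g. `chmod 600 /etc/postfix/tls/private.key` with root ownership.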