1: 2011-03-22 (火) 03:19:47 iseki |
現: 2019-08-18 (日) 01:50:13 iseki |
| * Postfix [#v565bc6c] | | * Postfix [#v565bc6c] |
| | | |
- | ** for CentOS [#n4ac1e04] | + | ** CentOS [#n4ac1e04] |
| + | |
| + | *** Install [#l28b20db] |
| + | - yum install postfix |
| + | #br |
| + | |
| + | *** Setting [#h14f179c] |
| + | **** /etc/postfix/main.cf [#yb5c96bb] |
| + | - ''inet_interfaces = all'' が必要 (localhost のみの場合,locahost 以外の名前で接続できない) |
| + | - ブラックリスト |
| + | smtpd_client_restrictions = permit_mynetworks, |
| + | reject_invalid_hostname, |
| + | reject_rbl_client all.rbl.jp, |
| + | reject_rbl_client bl.spamcop.net, |
| + | # reject_rbl_client zen.spamhaus.org, |
| + | permit |
| + | |
| + | *** Submission port (587) with STARTTLS [#iab6fcd3] |
| + | **** sasl [#jed4de18] |
| + | - [[sasl>Cryrus SASL]] が必要 |
| + | #br |
| + | |
| + | **** 証明書 [#fc318451] |
| + | - STARTTLS, SSL/TLS を使用するために秘密鍵とサーバ証明書が必要 |
| + | - [[OpenSSL]] で作成する (例:private.key, server.crt) |
| + | openssl req -new -newkey rsa:2048 -days 3650 -nodes -keyout private.key -out server.csr |
| + | openssl x509 -in server.csr -days 3650 -req -signkey private.key -out server.crt |
| + | |
| + | **** /etc/postfix/main.cf [#j00f8ef7] |
| + | smtpd_tls_key_file = /etc/postfix/tls/private.key |
| + | smtpd_tls_cert_file = /etc/postfix/tls/server.crt |
| + | |
| + | # |
| + | # |
| + | # SASL |
| + | smtpd_sasl_auth_enable = yes |
| + | smtpd_sasl_security_options = noanonymous |
| + | #smtpd_sasl_local_domain = $mydomain |
| + | smtpd_recipient_restrictions = |
| + | permit_mynetworks, |
| + | permit_sasl_authenticated, |
| + | reject_unauth_destination |
| + | |
| + | **** /etc/postfix/master.cf [#m373862e] |
| + | submission inet n - n - - smtpd |
| + | -o smtpd_tls_security_level=encrypt |
| + | -o smtpd_sasl_auth_enable=yes |
| + | -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject |
| + | - smtpd_tls_security_level=may とすると TLSを使用しないモードも使用可能(危険) |
| + | #br |
| + | |
| + | **** firewalld [#vbb8556a] |
| + | - firewall-cmd --add-service=smtp --permanent |
| + | - firewall-cmd --add-service=smtp-submission --permanent |
| + | - firewall-cmd --reload |
| + | #br |
| + | |
| + | *** SMTPS port (465) with SSL/TLS [#ic4e55f9] |
| + | **** sasl, TLS 関連は submission ポートに同じ [#ld495188] |
| + | - Submission ポートと同時に動かすことも可能 |
| + | #br |
| + | |
| + | **** /etc/postfix/master.cf [#m373862e] |
| + | smtps inet n - n - - smtpd |
| + | -o smtpd_tls_wrappermode=yes |
| + | -o smtpd_sasl_auth_enable=yes |
| + | -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject |
| + | #br |
| + | |
| + | **** firewalld [#c5d01289] |
| + | - firewall-cmd --add-service=smtps --permanent |
| + | - firewall-cmd --reload |
| + | #br |
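Review bot: The main.cf block under "# SASL" sets `smtpd_sasl_auth_enable = yes` globally, so AUTH is also offered on port 25. As far as the shown main.cf goes, nothing enables or requires TLS on that port, and `smtpd_sasl_security_options = noanonymous` still permits plaintext mechanisms, so credentials can be sent unencrypted. Add `smtpd_tls_auth_only = yes` to main.cf, or drop the global line and rely on the `-o smtpd_sasl_auth_enable=yes` overrides already given for the submission and smtps services. The certificate step creates the key with `-nodes` (no passphrase), so the page should also say to restrict the file, e.g. `chmod 600 /etc/postfix/tls/private.key` with root ownership. Smaller points: the second master.cf heading reuses the anchor `#m373862e`, and "Cryrus" and "locahost" look like typos.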