Postfix+Dovecot(SSL暗号化対応+仮想メールボックス化)

Postfix設定

  • 運用ドメイン madlab.gr.jp , yasuragi.or.jp
  • サーバFQDN mail-01.madlab.gr.jp
  • 運用メールアドレス tanabe@madlab.gr.jp , tanabe@yasuragi.or.jp
  • 運用プロトコル SMTP , SMTPs(TCP/465) , POP3s(TCP/995) , IMAPs(TCP/993)
  • /etc/postfix/main.cf
    # Identity of this MTA. $myorigin is the full host name, so locally
    # submitted mail is stamped with user@mail-01.madlab.gr.jp.
    myhostname = mail-01.madlab.gr.jp
    mydomain = madlab.gr.jp
    myorigin = $myhostname
    # Listen on every interface, IPv4 only.
    inet_interfaces = all
    inet_protocols = ipv4
    # Names delivered by local(8). The hosted mail domains are not listed here;
    # they are declared in virtual_mailbox_domains further down this file.
    mydestination = $myhostname, localhost.$mydomain, localhost
    # No additional relay domains: this only repeats $mydestination.
    relay_domains = $mydestination
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    # Local (non-virtual) users receive mail in ~/Maildir/ (trailing slash = maildir format).
    home_mailbox = Maildir/
    # Banner shows only the host name, with no software name or version.
    smtpd_banner = $myhostname ESMTP
    debug_peer_level = 2
    debugger_command =
             PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
             ddd $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.6.6/samples
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
    # Reject the SMTP VRFY command so that it cannot be used to probe for valid addresses.
    disable_vrfy_command = yes
    ## Handling of mail for addresses that do not exist:
    ## forward it to unknown_user@localhost so that it can be discarded to /dev/null.
    # An empty local_recipient_maps switches off the unknown-local-recipient
    # check, which luser_relay needs in order to receive such mail at all.
    # NOTE(review): this applies to addresses handled by local(8) (the
    # $mydestination names). Mail to any such address is accepted and then
    # dropped, so a sender who mistypes an address gets no bounce - confirm
    # that this is the intended trade-off.
    local_recipient_maps =
    luser_relay = unknown_user@localhost
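    # SMTP AUTH is delegated to Dovecot through the UNIX socket at
    # $queue_directory/private/auth (the "service auth" listener in 10-master.conf).
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    # Offer AUTH only after the session is encrypted. Without this, port 25
    # advertises AUTH before STARTTLS, and because Dovecot is configured for
    # the PLAIN mechanism a client may send its password in cleartext.
    smtpd_tls_auth_only = yes
    # Opportunistic STARTTLS for inbound mail. This is the current spelling of
    # the obsolete "smtpd_use_tls = yes" and has the same effect.
    smtpd_tls_security_level = may
    # Opportunistic TLS for outbound deliveries as well.
    smtp_tls_security_level = may
    # Postfix needs the private key unencrypted on disk: keep the key file
    # owned by root and readable by nobody else (mode 0600).
    smtpd_tls_cert_file = /etc/postfix/madlab.gr.jp.crt
    smtpd_tls_key_file = /etc/postfix/madlab.gr.jp.key
    smtpd_tls_received_header = yes
    smtpd_tls_loglevel = 1
    # tlsmgr(8) opens the session cache without root privileges, so the cache
    # belongs in the Postfix-owned data directory rather than in /etc/postfix.
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_tls_session_cache_timeout = 3600s
    # NOTE(review): protocol versions are not restricted here; consider
    # smtpd_tls_protocols / smtpd_tls_mandatory_protocols to exclude SSLv2/SSLv3.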
    # Evaluated in order, first match wins: trusted networks and authenticated
    # users may relay; everyone else may only send to domains this server is
    # responsible for (reject_unauth_destination is what prevents an open relay).
    # NOTE(review): mynetworks is not set in this listing, so the Postfix
    # default applies - check "postconf mynetworks" to see which clients are
    # allowed to relay without authenticating.
    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination
    # Hosted domains delivered by virtual(8); they are intentionally not listed
    # in mydestination above.
    virtual_mailbox_domains = madlab.gr.jp, yasuragi.or.jp
    # Every path in virtual_mailbox_maps is taken relative to this directory.
    virtual_mailbox_base = /home/mailuser/vmailbox
    # address -> mailbox path lookup; the source file must be compiled with postmap.
    virtual_mailbox_maps = hash:/etc/postfix/vmailbox
    # All virtual mailboxes are written as one fixed UID/GID (1000), the same
    # numbers given to groupadd/useradd for the mailuser account on this page.
    virtual_uid_maps = static:1000
    virtual_gid_maps = static:1000
  • /etc/postfix/master.cf
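    # Columns: service  type  private  unpriv  chroot  wakeup  maxproc  command + args
    # Port 25: reception from other MTAs (STARTTLS is optional, per main.cf).
    smtp      inet  n       -       n       -       -       smtpd
    # Port 465 (SMTPS): TLS wrapper mode, and every client must authenticate
    # before anything else is accepted.
    smtps     inet  n       -       n       -       -       smtpd
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628      inet  n       -       n       -       -       qmqpd
    # pickup must stand on its own line: if it is folded into the commented-out
    # qmqpd entry above, the service is not defined and mail submitted with the
    # local sendmail command is never picked up from the queue.
    pickup    fifo  n       -       n       60      1       pickup
    cleanup   unix  n       -       n       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    rewrite   unix  -       -       n       -       -       trivial-rewrite
    bounce    unix  -       -       n       -       0       bounce
    defer     unix  -       -       n       -       0       bounce
    trace     unix  -       -       n       -       0       bounce
    verify    unix  -       -       n       -       1       verify
    flush     unix  n       -       n       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       n       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       n       -       -       smtp
            -o smtp_fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       n       -       -       showq
    error     unix  -       -       n       -       -       error
    retry     unix  -       -       n       -       -       error
    discard   unix  -       -       n       -       -       discard
    # local and virtual run with unpriv = n, i.e. they start with root
    # privileges so they can deliver as the mailbox owner.
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       n       -       -       lmtp
    anvil     unix  -       -       n       -       1       anvil
    scache    unix  -       -       n       -       1       scache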
  • 存在しないメールアドレスを/dev/nullに捨てる
    # Alias the catch-all account to /dev/null so its mail is discarded, then
    # rebuild the alias database that main.cf's alias_database points at.
    # ">>" appends: running this twice leaves a duplicate entry in /etc/aliases.
    echo 'unknown_user:	/dev/null' >> /etc/aliases
    newaliases
  • 仮想メールボックス取り扱い実ユーザの作成
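    # Dedicated account that owns every virtual mailbox. UID/GID 1000 must match
    # virtual_uid_maps / virtual_gid_maps in main.cf and the UID:GID fields in
    # /etc/dovecot/passwd.
    groupadd -g 1000 mailuser
    # Storage-only account: nobody logs in as mailuser, so give it no login shell.
    useradd -u 1000 -g mailuser -s /sbin/nologin mailuser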
  • メールアドレスとメールボックスのマッピングファイル作成
    • /etc/postfix/vmailbox
      # address -> mailbox path, relative to virtual_mailbox_base in main.cf.
      # The trailing "/" selects maildir format.
      tanabe@madlab.gr.jp     madlab.gr.jp/tanabe/Maildir/
      tanabe@yasuragi.or.jp   yasuragi.or.jp/tanabe/Maildir/
  • Postfixが喰える形式に変換
    # Compile the text map into the hash: database that main.cf's
    # virtual_mailbox_maps reads; rerun after every edit of the source file.
    postmap /etc/postfix/vmailbox
  • メールボックスの作成
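    # One Maildir per address, matching the paths listed in /etc/postfix/vmailbox.
    mkdir -p /home/mailuser/vmailbox/madlab.gr.jp/tanabe/Maildir
    mkdir -p /home/mailuser/vmailbox/yasuragi.or.jp/tanabe/Maildir
    # Delivery and IMAP/POP3 access both run as mailuser (UID/GID 1000).
    chown -R mailuser:mailuser /home/mailuser/vmailbox
    # Directories created by root inherit root's umask and are typically
    # world-readable; the mail store should be reachable by its owner only.
    chmod -R go-rwx /home/mailuser/vmailbox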

Dovecot設定

  • /etc/dovecot/dovecot.conf
    # Only IMAP and POP3 are served; the listeners themselves are defined in
    # conf.d/10-master.conf.
    protocols = imap pop3
    # No dictionary backends are configured (both entries are commented out).
    dict {
      #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
      #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
    }
    # Pull in every file under conf.d/.
    !include conf.d/*.conf
  • /etc/dovecot/conf.d/10-auth.conf
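    # Refuse cleartext-password logins on connections that are not protected by
    # TLS. PLAIN below keeps working on the imaps/pop3s listeners, which are
    # encrypted from the start, so nothing on this page needs "no" here.
    disable_plaintext_auth = yes
    # PLAIN sends the password itself, which lets the server store it as a
    # one-way hash; it is acceptable only because every listener uses TLS.
    auth_mechanisms = plain
    # Users and password hashes come from a flat passwd-style file.
    !include auth-passwdfile.conf.ext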
  • /etc/dovecot/conf.d/10-master.conf
    # IMAP login service: only the implicit-TLS listener on 993 is opened.
    service imap-login {
      inet_listener imap {
        #port = 143
        # port = 0 disables the cleartext IMAP listener.
        port = 0
      }
      inet_listener imaps {
        port = 993
        ssl = yes
      }
    
      # Number of connections to handle before starting a new process. Typically
      # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
      # is faster. <doc/wiki/LoginProcess.txt>
      #service_count = 1
    
      # Number of processes to always keep waiting for more connections.
      #process_min_avail = 0
    
      # If you set service_count=0, you probably need to grow this.
      #vsz_limit = 64M
    }
    # POP3 login service: only the implicit-TLS listener on 995 is opened.
    service pop3-login {
      inet_listener pop3 {
        #port = 110
        # port = 0 disables the cleartext POP3 listener.
        port = 0
      }
      inet_listener pop3s {
        port = 995
        ssl = yes
      }
    }
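    # Authentication service, including the socket Postfix uses for SMTP AUTH.
    service auth {
      unix_listener auth-userdb {
        #mode = 0600
        #user =
        #group =
      }
    
      # Postfix smtp-auth
      # The path matches smtpd_sasl_path = private/auth under Postfix's queue
      # directory. Only Postfix's smtpd needs to connect, so owner and group
      # postfix with mode 0660 is sufficient; 0666 would grant access to every
      # local account that can reach the socket.
      unix_listener /var/spool/postfix/private/auth {
        mode = 0660
        user = postfix
        group = postfix
      }
    
      # Auth process is run as this user.
      #user = $default_internal_user
    }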
  • /etc/dovecot/conf.d/10-ssl.conf
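    # "required" makes TLS mandatory before a client can log in, so a cleartext
    # listener re-enabled later by mistake still cannot be used to send passwords.
    ssl = required
    # The leading "<" tells Dovecot to read the value from the file. Certificate
    # and key are the same files Postfix uses; the key must stay owned by root
    # and unreadable to other accounts.
    ssl_cert = </etc/postfix/madlab.gr.jp.crt
    ssl_key = </etc/postfix/madlab.gr.jp.key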
  • /etc/dovecot/conf.d/10-mail.conf
    # Maildir storage in "Maildir" under each user's home directory; the home
    # comes from the userdb entry for that user.
    # NOTE(review): Postfix delivers to <domain>/<user>/Maildir/ under
    # virtual_mailbox_base - confirm that both sides resolve to the same directory.
    mail_location = maildir:~/Maildir
    # Locking method for mbox writes (an mbox setting; presumably unused with Maildir).
    mbox_write_locks = fcntl
  • /etc/dovecot/conf.d/auth-passwdfile.conf.ext
    # Password lookups come from a flat file. Each entry carries its own
    # {SCHEME} prefix, so no default scheme is set in args.
    # NOTE(review): /etc/dovecot/passwd holds password hashes - keep it
    # readable only by root (and the Dovecot auth user if that is not root).
    passdb {
      driver = passwd-file
    #  args = scheme=CRYPT username_format=%u /etc/dovecot/users
      args = /etc/dovecot/passwd
    }
    
    # User lookups (UID, GID, mailbox location) read the same file as passdb.
    userdb {
      driver = passwd-file
    #  args = username_format=%u /etc/dovecot/users
      args = /etc/dovecot/passwd
    }
  • パスワードハッシュ値の生成
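    # Prompts for the password and prints "{SCHEME}hash"; paste the output,
    # prefix included, into the password field of /etc/dovecot/passwd.
    # A salted, iterated scheme is requested explicitly: the {HMAC-MD5} form
    # shown in the sample entries on this page is an unsalted MD5-based value
    # that is only needed for the CRAM-MD5 mechanism, which this setup
    # (auth_mechanisms = plain) does not use.
    # "dovecot pw -l" lists the schemes this build supports; if SHA512-CRYPT is
    # not among them, pick another salted scheme such as SSHA512.
    dovecot pw -s SHA512-CRYPT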
  • パスワードファイルの作成
    • 先ほど生成したハッシュ値をファイルに記述してゆく
    • 書式
      メールアドレス:パスワードハッシュ値:UID:GID:::::メールボックス形式:メールボックスPATH
  • /etc/dovecot/passwd
    tanabe@madlab.gr.jp:{HMAC-MD5}abcdefg123456:1000:1000:::::Maildir:/home/mailuser/vmailbox/madlab.gr.jp/tanabe/Maildir
    tanabe@yasuragi.or.jp:{HMAC-MD5}abcdefg123456:1000:1000:::::Maildir:/home/mailuser/vmailbox/yasuragi.or.jp/tanabe/Maildir

サービスの起動

# Start both daemons now through their init scripts.
service postfix start
service dovecot start

サービスの自動起動設定

# Register both services to start automatically at boot.
chkconfig postfix on
chkconfig dovecot on
