あまりやる機会が無いのですぐに忘れるメールサーバの設定手順(^^ゞ
postfix/dovecotを使って構築する。dovecotにする理由は、Fedoraからcyrus-imapdが既に削除されているので、将来的にはdovecotに移行するだろうから。
postfixの設定。/etc/postfix/main.cfの有効行と有用なコメント行だけ。
# grep -v '^#' /etc/postfix/main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
#ホスト名
myhostname = mail.rio.st
#ドメイン
mydomain = rio.st
myorigin = $mydomain
inet_interfaces = all
#受け取るドメイン
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, rio.tc
unknown_local_recipient_reject_code = 550
mynetworks_style = subnet
mynetworks = 192.168.x.0/24, 127.0.0.0/8
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#Maildir形式を選択
home_mailbox = Maildir/
#バナーを隠ぺい
smtpd_banner = $myhostname ESMTP UNKNOWN
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
mailbox_size_limit = 204800000
message_size_limit = 102400000
#-----------------------------------------------------------------------------
# smtpd_sasl_auth_enable = SASLによるSMTP_AUTHを有効にする設定
#-----------------------------------------------------------------------------
smtpd_sasl_auth_enable = yes
#-----------------------------------------------------------------------------
# smtpd_sasl_local_domain = ローカル認証のREALMの指定。
# 後述するsaslpasswd2設定時のREALMと同じものを利用。
#-----------------------------------------------------------------------------
smtpd_sasl_local_domain = $myhostname
#-----------------------------------------------------------------------------
# broken_sasl_auth_clients = Outlook LOGIN 認証を利用するための設定
#-----------------------------------------------------------------------------
broken_sasl_auth_clients = yes
#-----------------------------------------------------------------------------
# smtpd_recipient_restrictions = メールリレー制御の設定(宛先の制限)
#-----------------------------------------------------------------------------
# permit_mynetworks - サーバが属すネットワーク内のクライアントを許可
# permit_sasl_authenticated - SMTP_AUTHによって認証されたクライアントを許可
# reject_unauth_destination - 以下のパラメータにセットされているアドレス宛て
# のメールかどうかをチェックし、それ以外は拒否。
# $mydestination,
# $inet_interfaces,
# $virtual_alias_domains,
# $virtual_mailbox_domains,
# $relay_domains
smtpd_recipient_restrictions = permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
#-----------------------------------------------------------------------------
# S25R Rejection
#-----------------------------------------------------------------------------
smtpd_client_restrictions =
permit_mynetworks,
check_client_access regexp:/etc/postfix/white_list,
check_client_access regexp:/etc/postfix/rejections
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_invalid_hostname,
check_helo_access regexp:/etc/postfix/helo_restrictions
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domainS25R Rejection用に、/etc/postfix/rejectionsと/etc/postfix/white_listを追加。
# cat /etc/postfix/rejections
# S25R client rejection specifications for Postfix
# Contributed by ASAMI Hideo (Japan), Jun 2004; Jul 2007
# Refer to: http://www.gabacho-net.jp/en/anti-spam/
#
# To use this file, add following lines into the /etc/postfix/main.cf file:
#
# smtpd_client_restrictions =
# permit_mynetworks,
# check_client_access regexp:/etc/postfix/white_list
# check_client_access regexp:/etc/postfix/rejections
#
# where "rejections" is the name of this file.
#
# *** BLACK LIST ***
#
# When you find a UCE sender's FQDN which is not rejected by the generic
# protection rules specified below, insert here a denial specification taking
# a leaf from the following practical examples. You should specify a subdomain
# name or a substring together with the domain name if possible so that you can
# avoid rejecting legitimate mail relay servers in the same domain.
#
# pr86.internetdsl.tpnet.pl
# fq217.neoplus.adsl.tpnet.pl
# pa148.braniewo.sdi.tpnet.pl
/\.(internetdsl|adsl|sdi)\.tpnet\.pl$/ 450 domain check, be patient
#
# user-0cetcbr.cable.mindspring.com
# user-vc8fldi.biz.mindspring.com
/^user.+\.mindspring\.com$/ 450 domain check, be patient
#
# c9531ecc.virtua.com.br (hexadecimal used)
# c9066a60.static.spo.virtua.com.br (hexadecimal used)
/^[0-9a-f]{8}\.(.+\.)?virtua\.com\.br$/ 450 domain check, be patient
#
# catv-5984bdee.catv.broadband.hu (hexadecimal used)
/\.catv\.broadband\.hu$/ 450 domain check, be patient
#
# Edc3e.e.pppool.de
# BAA1408.baa.pppool.de
/[0-9a-f]{4}\.[a-z]+\.pppool\.de$/ 450 domain check, be patient
#
# pD9EB80CB.dip0.t-ipconnect.de (hexadecimal used)
/\.dip[0-9]+\.t-ipconnect\.de$/ 450 domain check, be patient
#
# pD9E799A1.dip.t-dialin.net (hexadecimal used)
/\.dip\.t-dialin\.net$/ 450 domain check, be patient
#
# ool-43511bdc.dyn.optonline.net (hexadecimal used)
/\.dyn\.optonline\.net$/ 450 domain check, be patient
#
# rt-dkz-1699.adsl.wanadoo.nl
# c3eea5738.cable.wanadoo.nl (hexadecimal used)
/\.(adsl|cable)\.wanadoo\.nl$/ 450 domain check, be patient
#
# ACBBD419.ipt.aol.com (hexadecimal used)
/\.ipt\.aol\.com$/ 450 domain check, be patient
#
# *** GENERIC PROTECTION ***
#
# [rule 0]
/^unknown$/ 450 reverse lookup failure, be patient
#
# [rule 1]
# ex: evrtwa1-ar3-4-65-157-048.evrtwa1.dsl-verizon.net
# ex: a12a190.neo.rr.com
/^[^.]*[0-9][^0-9.]+[0-9]/ 450 S25R check, be patient
#
# [rule 2]
# ex: pcp04083532pcs.levtwn01.pa.comcast.net
/^[^.]*[0-9]{5}/ 450 S25R check, be patient
#
# [rule 3]
# ex: 398pkj.cm.chello.no
# ex: host.101.169.23.62.rev.coltfrance.com
/^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]/ 450 S25R check, be patient
#
# [rule 4]
# ex: wbar9.chi1-4-11-085-222.dsl-verizon.net
/^[^.]*[0-9]\.[^.]*[0-9]-[0-9]/ 450 S25R check, be patient
#
# [rule 4]
# ex: wbar9.chi1-4-11-085-222.dsl-verizon.net
/^[^.]*[0-9]\.[^.]*[0-9]-[0-9]/ 450 S25R check, be patient
#
# [rule 5]
# ex: d5.GtokyoFL27.vectant.ne.jp
/^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\./ 450 S25R check, be patient
#
# [rule 6]
# ex: dhcp0339.vpm.resnet.group.upenn.edu
# ex: dialupM107.ptld.uswest.net
# ex: PPPbf708.tokyo-ip.dti.ne.jp
# ex: dsl411.rbh-brktel.pppoe.execulink.com
# ex: adsl-1415.camtel.net
# ex: xdsl-5790.lubin.dialog.net.pl
/^(dhcp|dialup|ppp|[achrsvx]?dsl)[^.]*[0-9]/ 450 S25R check, be patient# cat /etc/postfix/white_list
# S25R client permission specifications for Postfix
# Contributed by ASAMI Hideo (Japan), Jun 2004; Jul 2007
# Refer to: http://www.gabacho-net.jp/en/anti-spam/
#
# To use this file, add following lines into the /etc/postfix/main.cf file:
#
# smtpd_client_restrictions =
# permit_mynetworks,
# check_client_access regexp:/etc/postfix/white_list
# check_client_access regexp:/etc/postfix/rejections
#
# where "white_list" is the name of this file.
#
# *** WHITE LIST ***
#
# When you find a legitimate mail relay server which is rejected by the
# rejection specification written in the /etc/postfix/rejections file, write
# down here a permission specification taking a leaf from the following
# examples.
#
#/^223-123-45-67\.example\.net$/ OK
#/^223\.123\.45\.67$/ OK
#
#
# Practical examples:
#
# mc1-s3.bay6.hotmail.com, etc.
/\.hotmail\.com$/ OK
#
# h04-a1.data-hotel.net, etc.
/\.data-hotel\.net$/ OK
#
# web10902.mail.bbt.yahoo.co.jp
/\.yahoo\.co\.jp$/ OK
#
# web35509.mail.mud.yahoo.com
/\.yahoo\.com$/ OK
#
# c151240.vh.plala.or.jp
/\.vh\.plala\.or\.jp$/ OK
#
# n2.59-106-41-68.mixi.jp, etc.
/\.mixi\.jp$/ OK
#
# mta12.m2.home.ne.jp, etc.
/\.m2\.home\.ne\.jp$/ OK
#
# mmrts006p01c.softbank.ne.jp, etc.
# tgmsmtkn01sc1.softbank.ne.jp, etc.
/\.softbank\.ne\.jp$/ OK
#
# imt1omta04-s0.ezweb.ne.jp, etc.
/\.ezweb\.ne\.jp$/ OK
#
# bay-w1-inf5.verisign.net
# benicia-w2-inf30.verisign.net
/\.verisign\.net$/ OKSMTP AUTHをかけるために、saslの設定。
# cat /usr/lib64/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain loginpostfixは/var/spool/mail/user名というファイルでメールを受信し、その後/var/spool/imap/*/user/user名以下にMaildir形式で蓄積されるが、これを各ユーザのホームディレクトリになるようにする。skeletonをいじる。
# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
# chmod -R 700 /etc/skel/Maildir/
# chcon -R system_u:object_r:etc_t:s0 /etc/skel/Maildir/dovecotを設定する。/etc/dovecot.conf。ユーザーが少ないので、システムアカウントをそのまま使うため、mechanismにloginを追加。
# diff /etc/dovecot.conf /etc/dovecot.conf.orig
20c20
< protocols = imap
---
> #protocols = imap imaps pop3 pop3s
214d213
< mail_location = maildir:~/Maildir
231c230
< namespace private {
---
> #namespace private {
235c234
< separator = "."
---
< #separator =
239c238
< prefix = "INBOX."
---
> #prefix =
247c246
< inbox = yes
---
> #inbox = no
263c262
< }
---
> #}
795c794
< mechanisms = plain login
---
> mechanisms = plainRHEL5のdovecotではApple Mailと相性が悪いらしく、INBOXをprefixに指定してもうまく動かないので、atrpmsからDL。
