postfix
をテンプレートにして作成
[
トップ
] [
タイトル一覧
|
ページ一覧
|
新規
|
検索
|
最終更新
|
ヘルプ
|
ログイン
]
開始行:
* postfix [#v565bc6c]
*** See also
- [[Dovecot]]
** CentOS [#n4ac1e04]
*** Install [#l28b20db]
- yum install postfix
** Setting [#h14f179c]
*** main
**** /etc/postfix/main.cf [#yb5c96bb]
- ''inet_interfaces = all'' が必要 (localhost のみの場合...
- ブラックリスト
smtpd_client_restrictions = permit_mynetworks,
reject_invalid_hostname,
reject_rbl_client all.rbl.jp,
reject_rbl_client bl.spamcop.net,
# reject_rbl_client zen.spamhaus.org,
permit
*** Submission port (587) with STARTTLS [#iab6fcd3]
**** sasl [#jed4de18]
- [[sasl>Cyrus SASL]] が必要
**** 証明書 [#fc318451]
- STARTTLS, SSL/TLS を使用するために秘密鍵とサーバ証明書...
- [[OpenSSL]] で作成する (例:private.key, server.crt)
openssl req -new -newkey rsa:2048 -days 3650 -nodes -key...
openssl x509 -in server.csr -days 3650 -req -signkey pri...
**** /etc/postfix/main.cf [#j00f8ef7]
smtpd_tls_key_file = /etc/postfix/tls/private.key
smtpd_tls_cert_file = /etc/postfix/tls/server.crt
# SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
#smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
**** /etc/postfix/master.cf [#m373862e]
submission inet n - n - - ...
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authentica...
- smtpd_tls_security_level=may とすると TLSを使用しないモ...
**** firewalld [#vbb8556a]
- firewall-cmd --add-service=smtp --permanent
- firewall-cmd --add-service=smtp-submission --permanent
- firewall-cmd --reload
*** SMTPS port (465) with SSL/TLS [#ic4e55f9]
**** sasl, TLS 関連は submission ポートに同じ [#ld495188]
- Submission ポートと同時に動かすことも可能
**** /etc/postfix/master.cf [#m373862e]
smtps inet n - n - - ...
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authentica...
**** firewalld [#c5d01289]
- firewall-cmd --add-service=smtps --permanent
- firewall-cmd --reload
*** [[SPF]]
- [[pypolicyd-spf>SPF/pypolicyd-spf]]
*** Check
- Open Relay Check
-- https://tools.appriver.com/OpenRelay.aspx
** Errors
*** /var/log/messages
**** sql_select option missing
- rpm -e cyrus-sasl-sql
**** auxpropfunc error no mechanism available
- rpm -e cyrus-sasl-ldap
終了行:
* postfix [#v565bc6c]
*** See also
- [[Dovecot]]
** CentOS [#n4ac1e04]
*** Install [#l28b20db]
- yum install postfix
** Setting [#h14f179c]
*** main
**** /etc/postfix/main.cf [#yb5c96bb]
- ''inet_interfaces = all'' が必要 (localhost のみの場合...
- ブラックリスト
smtpd_client_restrictions = permit_mynetworks,
reject_invalid_hostname,
reject_rbl_client all.rbl.jp,
reject_rbl_client bl.spamcop.net,
# reject_rbl_client zen.spamhaus.org,
permit
*** Submission port (587) with STARTTLS [#iab6fcd3]
**** sasl [#jed4de18]
- [[sasl>Cyrus SASL]] が必要
**** 証明書 [#fc318451]
- STARTTLS, SSL/TLS を使用するために秘密鍵とサーバ証明書...
- [[OpenSSL]] で作成する (例:private.key, server.crt)
openssl req -new -newkey rsa:2048 -days 3650 -nodes -key...
openssl x509 -in server.csr -days 3650 -req -signkey pri...
**** /etc/postfix/main.cf [#j00f8ef7]
smtpd_tls_key_file = /etc/postfix/tls/private.key
smtpd_tls_cert_file = /etc/postfix/tls/server.crt
# SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
#smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
**** /etc/postfix/master.cf [#m373862e]
submission inet n - n - - ...
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authentica...
- smtpd_tls_security_level=may とすると TLSを使用しないモ...
**** firewalld [#vbb8556a]
- firewall-cmd --add-service=smtp --permanent
- firewall-cmd --add-service=smtp-submission --permanent
- firewall-cmd --reload
*** SMTPS port (465) with SSL/TLS [#ic4e55f9]
**** sasl, TLS 関連は submission ポートに同じ [#ld495188]
- Submission ポートと同時に動かすことも可能
**** /etc/postfix/master.cf [#m373862e]
smtps inet n - n - - ...
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authentica...
**** firewalld [#c5d01289]
- firewall-cmd --add-service=smtps --permanent
- firewall-cmd --reload
*** [[SPF]]
- [[pypolicyd-spf>SPF/pypolicyd-spf]]
*** Check
- Open Relay Check
-- https://tools.appriver.com/OpenRelay.aspx
** Errors
*** /var/log/messages
**** sql_select option missing
- rpm -e cyrus-sasl-sql
**** auxpropfunc error no mechanism available
- rpm -e cyrus-sasl-ldap
ページ名:
![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
