Building a mail server with Postfix + Dovecot on CentOS 7
I bought a domain for 10 years, so I took the opportunity to build a mail server.
Configuration
Environment
$ cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
Install Postfix, Dovecot, and Cyrus
$ yum install -y postfix dovecot cyrus-sasl cyrus-sasl-*
Note: SMTP-AUTH uses Dovecot-SASL, so installing Cyrus-SASL may not be necessary.
saslauthd belongs to Cyrus-SASL and is not needed as a service when Dovecot-SASL is used, so check that it is not set to start automatically.
$ systemctl is-enabled saslauthd
Postfix settings
Check that Postfix supports Dovecot-SASL
$ postconf -a
cyrus
dovecot
If dovecot is in the list, you're OK.
Configuring Postfix
Only the changed lines are shown.
$ vim /etc/postfix/main.cf
myhostname = mail.tsmsogn.work
mydomain = tsmsogn.work
myorigin = $mydomain
inet_interfaces = all
# Do not send over IPv6
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# Reject mail addressed to nonexistent local addresses (users)
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
# Maildir (directory) format
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP
Make sure a Maildir-format folder is also created whenever a user is added
$ mkdir -p /etc/skel/Maildir/{new,cur,tmp}
$ chmod -R 700 /etc/skel/Maildir/
Configuring Dovecot
$ vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
$ vim /etc/dovecot/conf.d/10-ssl.conf
ssl_cert = </etc/letsencrypt/live/mail.tsmsogn.work/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.tsmsogn.work/privkey.pem
$ vim /etc/dovecot/conf.d/10-master.conf
service auth {
  # Postfix SMTP-AUTH socket; 0666 lets any local user connect (0660 with user/group postfix is tighter)
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
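Allow plaintext passwords for authentication from outside as well
With these two settings Dovecot does not use TLS, so the ssl_cert and ssl_key set above have no effect and POP3/IMAP passwords cross the network unencrypted.
$ vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
$ vim /etc/dovecot/conf.d/10-ssl.conf
ssl = no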
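Added example (not part of the original post): a small shell check that reads Dovecot settings in the shape `doveconf -n` prints and flags the three weak values used above (ssl = no, disable_plaintext_auth = no, auth socket mode 0666). PAGE_CONF and HARDENED_CONF are constructed samples, and the function names audit_dovecot and count_findings are made up for this example.

```shell
#!/bin/sh
# Added example: flag the weak Dovecot values from this page in config text
# shaped like `doveconf -n` output. Both samples below are constructed.
PAGE_CONF='disable_plaintext_auth = no
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
ssl = no'

HARDENED_CONF='disable_plaintext_auth = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl = required'

# audit_dovecot: config text on stdin, one "WEAK <setting>: <why>" line per finding.
audit_dovecot() {
  awk '
    $1 == "unix_listener" { listener = $2 }   # remember which socket we are inside
    $1 == "}"             { listener = "" }
    $2 == "=" && $1 == "ssl" && $3 != "required" {
      print "WEAK ssl=" $3 ": TLS is not required for client connections"
    }
    $2 == "=" && $1 == "disable_plaintext_auth" && $3 == "no" {
      print "WEAK disable_plaintext_auth=no: plaintext passwords accepted on unencrypted connections"
    }
    # Connecting to a UNIX socket needs write permission; check the "other" digit.
    $2 == "=" && $1 == "mode" && listener ~ /private\/auth$/ &&
        substr($3, length($3)) ~ /[2367]/ {
      print "WEAK auth_socket_mode=" $3 ": any local user can reach the auth socket"
    }
  '
}

# count_findings: number of findings for the config text passed as $1.
count_findings() {
  printf '%s\n' "$1" | audit_dovecot | wc -l | tr -d ' '
}

echo "page settings:     $(count_findings "$PAGE_CONF") finding(s)"
printf '%s\n' "$PAGE_CONF" | audit_dovecot
echo "hardened settings: $(count_findings "$HARDENED_CONF") finding(s)"
```

On the server, feed it the live configuration with `doveconf -n | audit_dovecot`.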
Check that mail can be sent
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.tsmsogn.work ESMTP
HELO localhost
250 mail.tsmsogn.work
HELO mail.tsmsogn.work
250 mail.tsmsogn.work
MAIL FROM: tsmsogn@mail.tsmsogn.work
250 2.1.0 Ok
RCPT TO: tsmsogn@mail.tsmsogn.work
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Hello World
.
250 2.0.0 Ok: queued as CAC7EC6E0B4
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
If it looks like this, you're OK.
Check maillog too, just in case
$ tail -f /var/log/maillog
Feb 8 10:21:34 www3075ue postfix/smtpd[13871]: CAC7EC6E0B4: client=localhost[127.0.0.1]
Feb 8 10:22:33 www3075ue postfix/cleanup[14012]: CAC7EC6E0B4: message-id=<20190208012134.CAC7EC6E0B4@mail.tsmsogn.work>
Feb 8 10:22:33 www3075ue postfix/qmgr[23718]: CAC7EC6E0B4: from=<tsmsogn@mail.tsmsogn.work>, size=344, nrcpt=1 (queue active)
Feb 8 10:22:34 www3075ue postfix/local[14051]: CAC7EC6E0B4: to=<tsmsogn@mail.tsmsogn.work>, relay=local, delay=76, delays=75/1.1/0/0.06, dsn=2.0.0, status=sent (delivered to maildir)
Feb 8 10:22:34 www3075ue postfix/qmgr[23718]: CAC7EC6E0B4: removed
Feb 8 10:22:44 www3075ue postfix/smtpd[13871]: disconnect from localhost[127.0.0.1]
Check the mail sent above over POP (110)
$ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
USER tsmsogn
+OK
PASS password
+OK Logged in.
LIST
+OK 1 messages:
1 469
.
RETR 1
+OK 469 octets
Return-Path: <tsmsogn@mail.tsmsogn.work>
X-Original-To: tsmsogn@mail.tsmsogn.work
Delivered-To: tsmsogn@mail.tsmsogn.work
Received: from mail.tsmsogn.work (localhost [127.0.0.1])
        by mail.tsmsogn.work (Postfix) with SMTP id CAC7EC6E0B4
        for <tsmsogn@mail.tsmsogn.work>; Fri, 8 Feb 2019 10:21:18 +0900 (JST)
Message-Id: <20190208012134.CAC7EC6E0B4@mail.tsmsogn.work>
Date: Fri, 8 Feb 2019 10:21:18 +0900 (JST)
From: tsmsogn@mail.tsmsogn.work

Hello World
.
QUIT
+OK Logging out.
Check the mail sent above over IMAP (143)
IMAP command basics: each command has the form
number command
$ telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
1 login username password
1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY SPECIAL-USE] Logged in
2 list "" *
* LIST (\HasNoChildren) "." INBOX
2 OK List completed (0.001 + 0.000 secs).
3 select INBOX
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 1 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1549590395] UIDs valid
* OK [UIDNEXT 2] Predicted next UID
3 OK [READ-WRITE] Select completed (0.031 + 0.000 + 0.030 secs).
4 fetch 1 body[]
* 1 FETCH (BODY[] {469}
Return-Path: <tsmsogn@mail.tsmsogn.work>
X-Original-To: tsmsogn@mail.tsmsogn.work
Delivered-To: tsmsogn@mail.tsmsogn.work
Received: from mail.tsmsogn.work (localhost [127.0.0.1])
        by mail.tsmsogn.work (Postfix) with SMTP id CAC7EC6E0B4
        for <tsmsogn@mail.tsmsogn.work>; Fri, 8 Feb 2019 10:21:18 +0900 (JST)
Message-Id: <20190208012134.CAC7EC6E0B4@mail.tsmsogn.work>
Date: Fri, 8 Feb 2019 10:21:18 +0900 (JST)
From: tsmsogn@mail.tsmsogn.work

Hello World
)
4 OK Fetch completed (0.014 + 0.000 + 0.013 secs).
5 logout
* BYE Logging out
5 OK Logout completed (0.001 + 0.000 secs).
Connection closed by foreign host.
Firewall settings
Add the services
$ firewall-cmd --permanent --add-service=smtp --zone=public
$ firewall-cmd --permanent --add-service=smtps --zone=public
$ firewall-cmd --permanent --add-service=smtp-submission --zone=public
$ firewall-cmd --permanent --add-service=pop3 --zone=public
$ firewall-cmd --permanent --add-service=imap --zone=public
$ firewall-cmd --permanent --add-service=pop3s --zone=public
$ firewall-cmd --permanent --add-service=imaps --zone=public
$ firewall-cmd --reload
Confirm the ports are open
$ firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client http ssh smtp smtps smtp-submission pop3 imap
  ports: 8080/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules: