Building a mail server with Postfix + Dovecot on CentOS 7

I bought a domain for ten years, so I decided to make the most of it and build a mail server.

Setup

Dovecot is used for SMTP-AUTH.

Environment

$ cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)

Install Postfix, Dovecot and Cyrus

$ yum install -y postfix dovecot cyrus-sasl cyrus-sasl-*

Since Dovecot-SASL is used for SMTP-AUTH, installing Cyrus-SASL may not be necessary.

saslauthd belongs to Cyrus-SASL, so when Dovecot-SASL is used the service is not needed. Check that it is not enabled to start automatically.

$ systemctl is-enabled saslauthd

Postfix setup

Check that Postfix supports Dovecot-SASL

$ postconf -a
cyrus
dovecot

If dovecot is listed, you're good.

Postfix configuration

Changed lines only

$ vim /etc/postfix/main.cf

myhostname = mail.tsmsogn.work
mydomain = tsmsogn.work
myorigin = $mydomain
inet_interfaces = all
# Do not send over IPv6
inet_protocols = ipv4

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain


# Reject mail to nonexistent addresses (users)
local_recipient_maps = proxy:unix:passwd.byname $alias_maps

# Maildir (directory) format
home_mailbox = Maildir/

smtpd_banner = $myhostname ESMTP

Make the Maildir-format directories get created automatically when a user is added

$ mkdir -p /etc/skel/Maildir/{new,cur,tmp}
$ chmod -R 700 /etc/skel/Maildir/

Dovecot configuration

$ vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
$ vim /etc/dovecot/conf.d/10-ssl.conf
ssl_cert = </etc/letsencrypt/live/mail.tsmsogn.work/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.tsmsogn.work/privkey.pem
$ vim /etc/dovecot/conf.d/10-master.conf
# Socket through which Postfix asks Dovecot to verify SMTP-AUTH credentials
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}

Allow plaintext passwords for authentication from outside as well

$ vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
$ vim /etc/dovecot/conf.d/10-ssl.conf
ssl = no
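With disable_plaintext_auth = no and ssl = no, POP, IMAP and SMTP-AUTH passwords cross the network unencrypted, so anyone on the path can read them. As an added example (not the post's own configuration), here are the same settings in the form a hardened deployment would use: PLAIN/LOGIN stay enabled for clients, but Dovecot and Postfix only accept them once TLS has been negotiated with the Let's Encrypt certificate already referenced above, and Postfix hands SMTP-AUTH to Dovecot through the /var/spool/postfix/private/auth socket configured above.

```conf
# /etc/dovecot/conf.d/10-auth.conf
# Refuse PLAIN/LOGIN on connections that have not negotiated TLS
disable_plaintext_auth = yes
auth_mechanisms = plain login

# /etc/dovecot/conf.d/10-ssl.conf
# Every POP3/IMAP session must use TLS (STARTTLS on 110/143, implicit TLS on 995/993)
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.tsmsogn.work/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.tsmsogn.work/privkey.pem

# /etc/postfix/main.cf
# Offer STARTTLS with the same certificate and advertise AUTH only inside TLS
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.tsmsogn.work/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.tsmsogn.work/privkey.pem
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
# Hand SMTP-AUTH to Dovecot through the unix_listener socket configured above
# (the path is relative to queue_directory, i.e. /var/spool/postfix)
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
```

After changing these, a plain "telnet localhost 110" login as shown below is expected to fail with an "Plaintext authentication disallowed" style error until the client switches to STLS/STARTTLS or the 995/993 ports.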

Check that mail can be sent

$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.tsmsogn.work ESMTP
HELO localhost
250 mail.tsmsogn.work
HELO mail.tsmsogn.work
250 mail.tsmsogn.work
MAIL FROM: tsmsogn@mail.tsmsogn.work
250 2.1.0 Ok
RCPT TO: tsmsogn@mail.tsmsogn.work
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Hello World
.
250 2.0.0 Ok: queued as CAC7EC6E0B4
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

If it looks like that, you're good.

Check the maillog too, just to be sure

$ tail -f /var/log/maillog
Feb  8 10:21:34 www3075ue postfix/smtpd[13871]: CAC7EC6E0B4: client=localhost[127.0.0.1]
Feb  8 10:22:33 www3075ue postfix/cleanup[14012]: CAC7EC6E0B4: message-id=<20190208012134.CAC7EC6E0B4@mail.tsmsogn.work>
Feb  8 10:22:33 www3075ue postfix/qmgr[23718]: CAC7EC6E0B4: from=<tsmsogn@mail.tsmsogn.work>, size=344, nrcpt=1 (queue active)
Feb  8 10:22:34 www3075ue postfix/local[14051]: CAC7EC6E0B4: to=<tsmsogn@mail.tsmsogn.work>, relay=local, delay=76, delays=75/1.1/0/0.06, dsn=2.0.0, status=sent (delivered to maildir)
Feb  8 10:22:34 www3075ue postfix/qmgr[23718]: CAC7EC6E0B4: removed
Feb  8 10:22:44 www3075ue postfix/smtpd[13871]: disconnect from localhost[127.0.0.1]
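To check the log the way a script would rather than by eye, here is an added example (not from the original post) that correlates Postfix maillog lines by queue ID and separates SMTP-time rejections, which is what the local_recipient_maps setting above produces for unknown users. The sample is the post's own lines plus one constructed rejection line; SAMPLE_MAILLOG, parse_maillog and the 203.0.113.7 client address are assumptions made for the example.

```python
import re

# Constructed sample: the post's maillog lines plus one made-up rejection of an unknown local user (203.0.113.7 is a documentation address)
SAMPLE_MAILLOG = """\
Feb  8 10:21:34 www3075ue postfix/smtpd[13871]: CAC7EC6E0B4: client=localhost[127.0.0.1]
Feb  8 10:22:33 www3075ue postfix/cleanup[14012]: CAC7EC6E0B4: message-id=<20190208012134.CAC7EC6E0B4@mail.tsmsogn.work>
Feb  8 10:22:33 www3075ue postfix/qmgr[23718]: CAC7EC6E0B4: from=<tsmsogn@mail.tsmsogn.work>, size=344, nrcpt=1 (queue active)
Feb  8 10:22:34 www3075ue postfix/local[14051]: CAC7EC6E0B4: to=<tsmsogn@mail.tsmsogn.work>, relay=local, delay=76, delays=75/1.1/0/0.06, dsn=2.0.0, status=sent (delivered to maildir)
Feb  8 10:22:34 www3075ue postfix/qmgr[23718]: CAC7EC6E0B4: removed
Feb  8 10:22:44 www3075ue postfix/smtpd[13871]: disconnect from localhost[127.0.0.1]
Feb  8 11:02:10 www3075ue postfix/smtpd[13990]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <nobody@tsmsogn.work>: Recipient address rejected: User unknown in local recipient table; from=<spam@example.net> to=<nobody@tsmsogn.work> proto=ESMTP helo=<example.net>
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/[\w-]+\[\d+\]: (?P<msg>.*)$")
QID_RE = re.compile(r"^(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")
REJECT_RE = re.compile(r"^NOQUEUE: reject: RCPT from (?P<client>\S+): (?P<code>\d{3}) .*?from=<(?P<from>[^>]*)> to=<(?P<to>[^>]*)>")

def _kv_fields(rest):
    # 'to=<a@b>, relay=local, status=sent (delivered to maildir)' -> {'to': 'a@b', 'relay': 'local', 'status': 'sent'}
    fields = {}
    for part in rest.split(", "):
        key, sep, value = part.partition("=")
        if not sep:
            continue                                # bare words such as 'removed'
        if value.startswith("<") and ">" in value:
            value = value[1:value.index(">")]       # from=<addr>, message-id=<id>
        else:
            value = value.split(" ", 1)[0]          # drop trailing '(queue active)' and similar
        fields[key] = value
    return fields

def parse_maillog(text):
    """Correlate Postfix lines by queue id; collect SMTP-time rejections (no queue id) separately."""
    messages, rejects = {}, []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        r = REJECT_RE.match(msg)
        if r:
            rejects.append(dict(ts=m.group("ts"), **r.groupdict()))
            continue
        q = QID_RE.match(msg)
        if not q:
            continue                                # e.g. 'disconnect from localhost[127.0.0.1]'
        entry = messages.setdefault(q.group("qid"), {"removed": False})
        entry["removed"] |= q.group("rest") == "removed"   # qmgr has finished with the message
        entry.update(_kv_fields(q.group("rest")))
    return messages, rejects
```

Running parse_maillog(SAMPLE_MAILLOG) yields one delivered message under CAC7EC6E0B4 (client, from, to, relay, status and message-id merged from its five lines) and one 550 rejection for nobody@tsmsogn.work.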

Check the mail sent above over POP (110)

$ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
USER tsmsogn
+OK
PASS <password>
+OK Logged in.
LIST
+OK 1 messages:
1 469
.
RETR 1
+OK 469 octets
Return-Path: <tsmsogn@mail.tsmsogn.work>
X-Original-To: tsmsogn@mail.tsmsogn.work
Delivered-To: tsmsogn@mail.tsmsogn.work
Received: from mail.tsmsogn.work (localhost [127.0.0.1])
        by mail.tsmsogn.work (Postfix) with SMTP id CAC7EC6E0B4
        for <tsmsogn@mail.tsmsogn.work>; Fri,  8 Feb 2019 10:21:18 +0900 (JST)
Message-Id: <20190208012134.CAC7EC6E0B4@mail.tsmsogn.work>
Date: Fri,  8 Feb 2019 10:21:18 +0900 (JST)
From: tsmsogn@mail.tsmsogn.work

Hello World

.
QUIT
+OK Logging out.

Check the mail sent above over IMAP (143)

IMAP command basics

Each command is prefixed with a tag and written as: number command

$ telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
1 login <username> <password>
1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY SPECIAL-USE] Logged in
2 list "" *
* LIST (\HasNoChildren) "." INBOX
2 OK List completed (0.001 + 0.000 secs).
3 select INBOX
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 1 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1549590395] UIDs valid
* OK [UIDNEXT 2] Predicted next UID
3 OK [READ-WRITE] Select completed (0.031 + 0.000 + 0.030 secs).
4 fetch 1 body[]
* 1 FETCH (BODY[] {469}
Return-Path: <tsmsogn@mail.tsmsogn.work>
X-Original-To: tsmsogn@mail.tsmsogn.work
Delivered-To: tsmsogn@mail.tsmsogn.work
Received: from mail.tsmsogn.work (localhost [127.0.0.1])
        by mail.tsmsogn.work (Postfix) with SMTP id CAC7EC6E0B4
        for <tsmsogn@mail.tsmsogn.work>; Fri,  8 Feb 2019 10:21:18 +0900 (JST)
Message-Id: <20190208012134.CAC7EC6E0B4@mail.tsmsogn.work>
Date: Fri,  8 Feb 2019 10:21:18 +0900 (JST)
From: tsmsogn@mail.tsmsogn.work

Hello World

)
4 OK Fetch completed (0.014 + 0.000 + 0.013 secs).
5 logout
* BYE Logging out
5 OK Logout completed (0.001 + 0.000 secs).
Connection closed by foreign host.

Firewall configuration

Add the services

$ firewall-cmd --permanent --add-service=smtp --zone=public
$ firewall-cmd --permanent --add-service=smtps --zone=public
$ firewall-cmd --permanent --add-service=smtp-submission --zone=public
$ firewall-cmd --permanent --add-service=pop3 --zone=public
$ firewall-cmd --permanent --add-service=imap --zone=public
$ firewall-cmd --permanent --add-service=pop3s --zone=public
$ firewall-cmd --permanent --add-service=imaps --zone=public
$ firewall-cmd --reload

Check that the ports are open

$ firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client http ssh smtp smtps smtp-submission pop3 imap
  ports: 8080/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules: