CentOSへの移行(その4) Mail Server(Postfix)関連パッケージのインストールと設定
March 23, 2019 – 2:16 pmMail Server(Postfix)関連パッケージのインストールと設定作業のログをアップしている。
Mail Serverの本体Postfixは、CentOS7.6 minimalに含まれており、特段のインストール作業は行わなかったが、Dovecot、Amavis/Clamをインストールするとともに、それらのと連携を前提とする設定作業を行った。
- Mail Server関連パッケージのインストール
- Clam関連パッケージのインストール
[root@server02 ~]# yum --enablerepo=epel install clam\*
Packages installed/updated:
============================================================================================================================= Package Arch Version Repository Size ============================================================================================================================= Installing: clamav x86_64 0.101.1-1.el7 epel 389 k clamav-data noarch 0.101.1-1.el7 epel 164 M clamav-devel x86_64 0.101.1-1.el7 epel 50 k clamav-filesystem noarch 0.101.1-1.el7 epel 27 k clamav-lib x86_64 0.101.1-1.el7 epel 772 k clamav-milter x86_64 0.101.1-1.el7 epel 111 k clamav-milter-systemd x86_64 0.101.1-1.el7 epel 26 k clamav-scanner-systemd x86_64 0.101.1-1.el7 epel 26 k clamav-server-systemd x86_64 0.101.1-1.el7 epel 26 k clamav-unofficial-sigs noarch 5.6.2-3.el7 epel 50 k clamav-update x86_64 0.101.1-1.el7 epel 101 k clamd x86_64 0.101.1-1.el7 epel 121 k clamsmtp x86_64 1.10-12.el7 epel 44 k Installing for dependencies: bind-libs x86_64 32:9.9.4-73.el7_6 updates 1.0 M bind-utils x86_64 32:9.9.4-73.el7_6 updates 206 k keyutils-libs-devel x86_64 1.5.8-3.el7 base 37 k krb5-devel x86_64 1.15.1-37.el7_6 updates 271 k libcom_err-devel x86_64 1.42.9-13.el7 base 31 k libkadm5 x86_64 1.15.1-37.el7_6 updates 178 k libselinux-devel x86_64 2.5-14.1.el7 base 187 k libsepol-devel x86_64 2.5-10.el7 base 77 k libtool-ltdl x86_64 2.4.2-22.el7_3 base 49 k libverto-devel x86_64 0.2.5-4.el7 base 12 k openssl-devel x86_64 1:1.0.2k-16.el7 base 1.5 M pcre-devel x86_64 8.32-17.el7 base 480 k pcre2 x86_64 10.23-2.el7 base 201 k rsync x86_64 3.1.2-4.el7 base 403 k sendmail-milter x86_64 8.14.7-5.el7 base 71 k zlib-devel x86_64 1.2.7-18.el7 base 50 k Updating for dependencies: bind-libs-lite x86_64 32:9.9.4-73.el7_6 updates 741 k bind-license noarch 32:9.9.4-73.el7_6 updates 87 k krb5-libs x86_64 1.15.1-37.el7_6 updates 803 k Transaction Summary ============================================================================================================================= Install 13 Packages (+16 Dependent packages) Upgrade ( 3 Dependent packages)
- amavis関連パッケージのインストール
[root@server02 ~]# yum --enablerepo=epel install amavis\*
Packages installed/updated:
============================================================================================================================= Package Arch Version Repository Size ============================================================================================================================= Installing: amavisd-milter x86_64 1.6.1-1.el7 epel 33 k amavisd-new noarch 2.11.1-1.el7 epel 863 k amavisd-new-snmp noarch 2.11.1-1.el7 epel 36 k amavisd-new-snmp-zeromq noarch 2.11.1-1.el7 epel 27 k amavisd-new-zeromq noarch 2.11.1-1.el7 epel 30 k Installing for dependencies: altermime x86_64 0.3.10-10.el7 epel 57 k arj x86_64 3.10.22-22.el7 epel 171 k bzip2 x86_64 1.0.6-13.el7 base 52 k cabextract x86_64 1.5-1.el7 epel 43 k freeze x86_64 2.5.0-16.el7 epel 31 k gdbm-devel x86_64 1.10-8.el7 base 47 k glibc-devel x86_64 2.17-260.el7_6.3 updates 1.1 M glibc-headers x86_64 2.17-260.el7_6.3 updates 683 k kernel-headers x86_64 3.10.0-957.5.1.el7 updates 8.0 M libmspack x86_64 0.5-0.6.alpha.el7 base 64 k lm_sensors-libs x86_64 3.4.0-6.20160601gitf9185e5.el7 base 42 k lzop x86_64 1.03-10.el7 base 54 k net-snmp x86_64 1:5.7.2-37.el7 base 331 k net-snmp-agent-libs x86_64 1:5.7.2-37.el7 base 705 k net-snmp-libs x86_64 1:5.7.2-37.el7 base 749 k net-snmp-perl x86_64 1:5.7.2-37.el7 base 337 k nomarch x86_64 1.4-11.el7 epel 20 k openpgm x86_64 5.2.122-2.el7 epel 171 k p7zip x86_64 16.02-10.el7 epel 604 k p7zip-plugins x86_64 16.02-10.el7 epel 967 k pax x86_64 3.4-19.el7 base 74 k perl-Archive-Tar noarch 1.92-2.el7 base 73 k perl-Archive-Zip noarch 1.30-11.el7 base 107 k perl-Authen-SASL noarch 2.15-10.el7 base 57 k perl-BerkeleyDB x86_64 0.51-4.el7 epel 148 k perl-Business-ISBN noarch 2.06-2.el7 base 25 k perl-Business-ISBN-Data noarch 20120719.001-2.el7 base 24 k perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 base 32 k perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 base 57 k perl-Convert-ASN1 noarch 0.26-4.el7 base 54 k perl-Convert-BinHex noarch 1.119-20.el7 epel 44 k perl-Convert-TNEF noarch 0.18-2.el7 epel 22 k perl-Convert-UUlib x86_64 2:1.5-1.el7 epel 216 k perl-Crypt-OpenSSL-Bignum x86_64 0.04-18.el7 base 34 k perl-Crypt-OpenSSL-RSA x86_64 0.28-7.el7 base 38 k perl-Crypt-OpenSSL-Random x86_64 0.04-21.el7 base 24 k perl-DBD-SQLite x86_64 1.39-3.el7 base 1.3 M perl-DBI x86_64 1.627-4.el7 base 802 k perl-DB_File x86_64 1.830-6.el7 base 74 k perl-Data-Dumper x86_64 2.145-3.el7 base 47 k perl-Digest noarch 1.17-245.el7 base 23 k perl-Digest-HMAC noarch 1.03-5.el7 base 16 k perl-Digest-MD5 x86_64 2.52-3.el7 base 30 k perl-Digest-SHA x86_64 1:5.85-4.el7 base 58 k perl-Digest-SHA1 x86_64 2.13-9.el7 base 50 k perl-Encode-Detect x86_64 1.01-13.el7 base 82 k perl-Encode-Locale noarch 1.03-5.el7 base 16 k perl-Error noarch 1:0.17020-2.el7 base 32 k perl-ExtUtils-Install noarch 1.58-294.el7_6 updates 75 k perl-ExtUtils-MakeMaker noarch 6.68-3.el7 base 275 k perl-ExtUtils-Manifest noarch 1.61-244.el7 base 31 k perl-ExtUtils-ParseXS noarch 1:3.18-3.el7 base 77 k perl-File-Listing noarch 6.04-7.el7 base 13 k perl-GSSAPI x86_64 0.28-9.el7 base 59 k perl-HTML-Parser x86_64 3.71-4.el7 base 115 k perl-HTML-Tagset noarch 3.20-15.el7 base 18 k perl-HTTP-Cookies noarch 6.01-5.el7 base 26 k perl-HTTP-Daemon noarch 6.01-8.el7 base 21 k perl-HTTP-Date noarch 6.02-8.el7 base 14 k perl-HTTP-Message noarch 6.06-6.el7 base 82 k perl-HTTP-Negotiate noarch 6.01-5.el7 base 17 k perl-IO-Compress noarch 2.061-2.el7 base 260 k perl-IO-HTML noarch 1.00-2.el7 base 23 k perl-IO-Multiplex noarch 1.13-6.el7 epel 25 k perl-IO-Socket-INET6 noarch 2.69-5.el7 base 20 k perl-IO-Socket-IP noarch 0.21-5.el7 base 36 k perl-IO-Socket-SSL noarch 1.94-7.el7 base 115 k perl-IO-Zlib noarch 1:1.10-294.el7_6 updates 52 k perl-IO-stringy noarch 2.110-22.el7 base 71 k perl-JSON noarch 2.59-2.el7 base 96 k perl-LDAP noarch 1:0.56-6.el7 base 411 k perl-LWP-MediaTypes noarch 6.02-2.el7 base 24 k perl-MIME-tools noarch 5.505-1.el7 epel 256 k perl-Mail-DKIM noarch 0.39-8.el7 base 129 k perl-Mail-SPF noarch 2.8.0-4.el7 base 140 k perl-MailTools noarch 2.12-2.el7 base 108 k perl-Mozilla-CA noarch 20130114-5.el7 base 11 k perl-Net-DNS x86_64 0.72-6.el7 base 308 k perl-Net-Daemon noarch 0.48-5.el7 base 51 k perl-Net-HTTP noarch 6.06-2.el7 base 29 k perl-Net-LibIDN x86_64 0.12-15.el7 base 28 k perl-Net-SMTP-SSL noarch 1.01-13.el7 base 9.1 k perl-Net-SSLeay x86_64 1.55-6.el7 base 285 k perl-Net-Server noarch 2.007-2.el7 epel 208 k perl-NetAddr-IP x86_64 4.069-3.el7 base 125 k perl-Package-Constants noarch 1:0.02-294.el7_6 updates 46 k perl-PlRPC noarch 0.2020-14.el7 base 36 k perl-Razor-Agent x86_64 2.85-15.el7 epel 121 k perl-Socket6 x86_64 0.23-15.el7 base 27 k perl-Sys-Syslog x86_64 0.33-3.el7 base 42 k perl-Test-Harness noarch 3.28-3.el7 base 302 k perl-Text-Soundex x86_64 3.04-4.el7 base 19 k perl-Text-Unidecode noarch 0.04-20.el7 base 114 k perl-TimeDate noarch 1:2.30-2.el7 base 52 k perl-URI noarch 1.60-9.el7 base 106 k perl-Unix-Syslog x86_64 1.1-17.el7 epel 29 k perl-WWW-RobotRules noarch 6.02-5.el7 base 18 k perl-XML-Filter-BufferText noarch 1.01-17.el7 base 11 k perl-XML-NamespaceSupport noarch 1.11-10.el7 base 18 k perl-XML-SAX-Base noarch 1.08-7.el7 base 32 k perl-XML-SAX-Writer noarch 0.53-4.el7 base 25 k perl-ZMQ-Constants noarch 1.04-1.el7 epel 14 k perl-ZMQ-LibZMQ3 x86_64 1.19-1.el7 epel 47 k perl-devel x86_64 4:5.16.3-294.el7_6 updates 453 k perl-libwww-perl noarch 6.05-2.el7 base 205 k perl-version x86_64 3:0.99.07-3.el7 base 84 k portreserve x86_64 0.0.5-11.el7 base 26 k procmail x86_64 3.22-36.el7_4.1 base 171 k psmisc x86_64 22.20-15.el7 base 141 k pyparsing noarch 1.5.6-9.el7 base 94 k spamassassin x86_64 3.4.0-4.el7_5 updates 1.2 M systemtap-sdt-devel x86_64 3.3-3.el7 base 74 k tmpwatch x86_64 2.11-5.el7 base 38 k unzoo x86_64 4.4-16.el7 epel 24 k zeromq3 x86_64 3.2.5-1.el7 epel 344 k Updating for dependencies: glibc x86_64 2.17-260.el7_6.3 updates 3.7 M glibc-common x86_64 2.17-260.el7_6.3 updates 12 M Transaction Summary ============================================================================================================================= Install 5 Packages (+115 Dependent packages) Upgrade ( 2 Dependent packages)
- dovecot関連パッケージのインストール
[root@server02 ~]# yum --enablerepo=epel install dovecot
Package installed:
============================================================================================================================= Package Arch Version Repository Size ============================================================================================================================= Installing: dovecot x86_64 1:2.2.36-3.el7 base 4.4 M Installing for dependencies: clucene-core x86_64 2.3.3.4-11.el7 base 528 k Transaction Summary ============================================================================================================================= Install 1 Package (+1 Dependent package)
- SASL認証 cyrus-sasl関連ライブラリのインストール
(注)dovecot-sasl認証を使用する場合にはcyrus-saslのインストールは必要ないはず[root@server02 ~]# yum --enablerepo=epel install cyrus\*
Packages installed
============================================================================================================================= Package Arch Version Repository Size ============================================================================================================================= Installing: cyrus-imapd x86_64 2.4.17-13.el7 base 3.2 M cyrus-imapd-devel x86_64 2.4.17-13.el7 base 244 k cyrus-imapd-utils x86_64 2.4.17-13.el7 base 247 k cyrus-sasl-gs2 x86_64 2.1.26-23.el7 base 41 k cyrus-sasl-gssapi x86_64 2.1.26-23.el7 base 41 k cyrus-sasl-ldap x86_64 2.1.26-23.el7 base 36 k cyrus-sasl-md5 x86_64 2.1.26-23.el7 base 57 k cyrus-sasl-ntlm x86_64 2.1.26-23.el7 base 42 k cyrus-sasl-plain x86_64 2.1.26-23.el7 base 39 k cyrus-sasl-scram x86_64 2.1.26-23.el7 base 43 k cyrus-sasl-sql x86_64 2.1.26-23.el7 base 38 k Installing for dependencies: postgresql-libs x86_64 9.2.24-1.el7_5 base 234 k Transaction Summary =============================================================================================================================
- Clam関連パッケージのインストール
- Mail Server 各種設定ファイル
- postfix 設定ファイル
(修正追加部のみ記載)
/etc/postfix/main.cf:#myorigin = $myhostname myorigin = $mydomain inet_interfaces = all # Enable IPv4, and IPv6 if supported inet_protocols = all #mynetworks = 192.168.11.0/24, 127.0.0.0/8 mynetworks = 192.168.11.0/24, 127.0.0.0/8,[****:****:****:****::]/64 #relay_domains = $mydestination relay_domains = $mydestination #home_mailbox = Mailbox home_mailbox = Maildir/ #for SMTP-Auth settings smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname #smtpd_client_restrictions = permit_mynetworks,reject_unknown_client,permit smtpd_client_restrictions = permit_mynetworks,permit smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject content_filter=smtp-amavis:[127.0.0.1]:10024 # for spam disable_vrfy_command = yes smtpd_helo_required = yes # for DKIM smtpd_milters = inet:127.0.0.1:8891 non_smtpd_milters = $smtpd_milters milter_default_action = accept
/etc/postfix/master.cf:
# # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - n - - smtpd #smtp inet n - n - 1 postscreen #smtpd pass - - n - - smtpd #dnsblog unix - - n - 0 dnsblog #tlsproxy unix - - n - 0 tlsproxy submission inet n - n - - smtpd # -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #smtps inet n - n - - smtpd # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - n - - qmqpd ( 省 略 ) smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks - Dovecot 設定ファイル
/etc/dovecot/dovecot.conf:# Protocols we want to be serving. #protocols = imap pop3 lmtp protocols = imap listen = *, [::] #listen = *
/etc/dovecot/conf.d/10-auth.conf:
#disable_plaintext_auth = yes disable_plaintext_auth = no auth_mechanisms = plain
/etc/dovecot/conf.d/10-mail.conf:
#mail_location = mail_location = maildir:~/Maildir
/etc/dovecot/conf.d/10-master.conf:
# Postfix smtp-auth #unix_listener /var/spool/postfix/private/auth { # mode = 0666 #} unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix }10-ssl.conf:
#ssl = required ssl = no
- Amavisd 設定ファイル
/etc/amavisd/amavisd.conf:# $mydomain = 'example.com'; # a convenient default for other settings $mydomain = 'yamasnet.com'; # $myhostname = 'host.example.com'; # must be a fully-qualified domain name! $myhostname = 'mail.yamasnet.com'; $notify_method = 'smtp:[127.0.0.1]:10025'; $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter! # ['Avira SAVAPI', # \&ask_daemon, ["*", 'savapi:/var/tmp/.savapi3', 'product-id'], # qr/^(200|210)/m, qr/^(310|420|319)/m, # qr/^(?:310|420)[,\s]*(?:.* <<< )?(.+?)(?: ; |$)/m ], # settings for the SAVAPI3.conf: ArchiveScan=1, HeurLevel=2, MailboxScan=1 ### http://www.clamav.net/ ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.amavisd/clamd.sock"], qr/\bOK$/m, qr/\bFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], # NOTE: run clamd under the same user as amavisd - or run it under its own # uid such as clamav, add user clamav to the amavis group, and then add # AllowSupplementaryGroups to clamd.conf; # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in # this entry; when running chrooted one may prefer a socket under $MYHOME.
- postfix 設定ファイル
- Mail Server 周辺環境の設定作業等
- opendkimインストール
[root@server02 ~]# yum install opendkim
Packages installed:
==================================================================================================================================================== Package Arch Version Repository Size ==================================================================================================================================================== Installing: opendkim x86_64 2.11.0-0.1.el7 epel 222 k Installing for dependencies: libbsd x86_64 0.8.3-1.el7 epel 85 k libevent x86_64 2.0.21-4.el7 base 214 k libmemcached x86_64 1.0.16-5.el7 base 237 k libopendkim x86_64 2.11.0-0.1.el7 epel 75 k opendbx x86_64 1.4.6-6.el7 epel 46 k Transaction Summary ==================================================================================================================================================== Install 1 Package (+5 Dependent packages)
Server01 に導入済みのopendkim設定をそのまま使用
/etc/opendkim 以下を Sever01 からSever02にcopy後この所有者をopendkimに変更[root@server02 ~]# chown -R opendkim:opendkim /etc/opendkim
- /etc/aliases の設定
設定後、別名(aliases)の有効化[root@server02 ~]# newaliases
- opendkimインストール
- 関連Service の起動と自動起動の有効化
[root@server02 ~]# systemctl start dovecot [root@server02 ~]# systemctl enable dovecot Created symlink from /etc/systemd/system/multi-user.target.wants/dovecot.service to /usr/lib/systemd/system/dovecot.service. [root@server02 ~]# systemctl start amavisd [root@server02 ~]# systemctl enable amavisd Created symlink from /etc/systemd/system/multi-user.target.wants/amavisd.service to /usr/lib/systemd/system/amavisd.service. [root@server02 ~]# systemctl start clamd@amavisd [root@server02 ~]# systemctl enable clamd@amavisd. [root@server02 ~]# systemctl start spamassassin [root@server02 ~]# systemctl enable spamassassin Created symlink from /etc/systemd/system/multi-user.target.wants/spamassassin.service to /usr/lib/systemd/system/spamassassin.service. [root@server02 ~]# systemctl start opendkim [root@server02 ~]# systemctl enable opendkim Created symlink from /etc/systemd/system/multi-user.target.wants/opendkim.service to /usr/lib/systemd/system/opendkim.service. [root@server02 ~]# systemctl start postfix [root@server02 ~]# systemctl enable postfix Created symlink from /etc/systemd/system/multi-user.target.wants/postfix.service to /usr/lib/systemd/system/postfix.service.