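Using AlmaLinux 8.3: Installing a Mail Server
June 3, 2021 – 10:50 am
To build a mail server on AlmaLinux 8.3, I installed Postfix + Dovecot.
In addition, I installed ClamAV and Amavisd, and integrated Postfix with ClamAV, among other steps, to enable real-time scanning of sent and received mail.
I also installed and configured OpenDKIM, a digital signing and verification technology.
This post records the installation logs and the configuration work needed to set up the mail server.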
Installing Postfix and Dovecot:
- Installing Postfix
[root@server02 ~]# dnf install postfix
Extra Packages for Enterprise Linux Modular 8 - x86_64    464 kB/s | 610 kB     00:01
Extra Packages for Enterprise Linux 8 - x86_64            7.8 MB/s | 9.4 MB     00:01
Dependencies resolved.
============================================================================================================
 Package        Architecture    Version           Repository    Size
============================================================================================================
Installing:
 postfix        x86_64          2:3.5.8-1.el8     baseos        1.5 M

Transaction Summary
============================================================================================================
Install  1 Package

Total download size: 1.5 M
Installed size: 4.3 M
Is this ok [y/N]: y
Downloading Packages:
postfix-3.5.8-1.el8.x86_64.rpm      4.6 MB/s | 1.5 MB     00:00
------------------------------------------------------------------------------------------------------------
Total                               3.2 MB/s | 1.5 MB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                  1/1
  Running scriptlet: postfix-2:3.5.8-1.el8.x86_64     1/1
  Installing       : postfix-2:3.5.8-1.el8.x86_64     1/1
  Running scriptlet: postfix-2:3.5.8-1.el8.x86_64     1/1
  Verifying        : postfix-2:3.5.8-1.el8.x86_64     1/1

Installed:
  postfix-2:3.5.8-1.el8.x86_64

Complete!
- Installing Dovecot
[root@server02 ~]# dnf install dovecot
Last metadata expiration check: 0:00:34 ago on Fri 28 May 2021 03:51:26 PM JST.
Dependencies resolved.
============================================================================================================
 Package         Architecture    Version                               Repository    Size
============================================================================================================
Installing:
 dovecot         x86_64          1:2.3.8-9.el8                         appstream     5.0 M
Installing dependencies:
 clucene-core    x86_64          2.3.3.4-31.20130812.e8e3d20git.el8    appstream     598 k

Transaction Summary
============================================================================================================
Install  2 Packages

Total download size: 5.6 M
Installed size: 19 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): clucene-core-2.3.3.4-31.20130812.e8e3d20git.el8.x86_64.rpm    1.3 MB/s | 598 kB     00:00
(2/2): dovecot-2.3.8-9.el8.x86_64.rpm                                6.6 MB/s | 5.0 MB     00:00
------------------------------------------------------------------------------------------------------------
Total                                                                6.1 MB/s | 5.6 MB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Applications for improving the security of sent and received mail: installing ClamAV, Amavisd and OpenDKIM
- Adding the EPEL repository
[root@server02 ~]# dnf install epel-release
Last metadata expiration check: 0:40:15 ago on Fri 28 May 2021 01:44:08 PM JST.
Dependencies resolved.
===============================================================================================================================
 Package           Architecture    Version      Repository    Size
===============================================================================================================================
Installing:
 epel-release      noarch          8-10.el8     extras        22 k

Transaction Summary
===============================================================================================================================
Install  1 Package

Total download size: 22 k
Installed size: 32 k
Is this ok [y/N]: y
Downloading Packages:
epel-release-8-10.el8.noarch.rpm     91 kB/s |  22 kB     00:00
-------------------------------------------------------------------------------------------------------------------------------
Total                                32 kB/s |  22 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                  1/1
  Installing       : epel-release-8-10.el8.noarch     1/1
  Running scriptlet: epel-release-8-10.el8.noarch     1/1
  Verifying        : epel-release-8-10.el8.noarch     1/1

Installed:
  epel-release-8-10.el8.noarch

Complete!
- Installing clamd and amavisd-new
[root@server02 ~]# dnf --enablerepo=epel install clamd amavisd-new perl-Archive-Tar
Last metadata expiration check: 0:05:50 ago on Fri 28 May 2021 03:51:26 PM JST.
Dependencies resolved.
============================================================================================================
 Package  Arch  Version  Repository  Size
============================================================================================================
Installing:
 amavis  noarch  2.12.1-5.el8  epel  413 k
 clamd  x86_64  0.103.2-1.el8  epel  122 k
 perl-Archive-Tar  noarch  2.30-1.el8  baseos  79 k
Installing dependencies:
 altermime  x86_64  0.3.10-21.el8  epel  66 k
 clamav-data  noarch  0.103.2-1.el8  epel  213 M
 clamav-filesystem  noarch  0.103.2-1.el8  epel  44 k
 clamav-lib  x86_64  0.103.2-1.el8  epel  859 k
 emacs-filesystem  noarch  1:26.1-5.el8  baseos  69 k
 libidn  x86_64  1.34-5.el8  appstream  238 k
 libprelude  x86_64  5.2.0-1.el8  epel  326 k
 libtool-ltdl  x86_64  2.4.6-25.el8  baseos  58 k
 perl-Algorithm-Diff  noarch  1.1903-9.el8  baseos  51 k
 perl-Archive-Zip  noarch  1.60-3.el8  appstream  108 k
 perl-Authen-SASL  noarch  2.16-13.el8  appstream  57 k
 perl-BerkeleyDB  x86_64  0.63-2.el8  epel  154 k
 perl-Compress-Raw-Bzip2  x86_64  2.081-1.el8  baseos  40 k
 perl-Compress-Raw-Zlib  x86_64  2.081-1.el8  baseos  68 k
 perl-Convert-ASN1  noarch  0.27-17.el8  appstream  60 k
 perl-Convert-BinHex  noarch  1.125-13.el8  epel  49 k
 perl-Crypt-OpenSSL-Bignum  x86_64  0.09-5.el8  appstream  46 k
 perl-Crypt-OpenSSL-RSA  x86_64  0.31-1.el8  appstream  46 k
 perl-Crypt-OpenSSL-Random  x86_64  0.15-3.el8  appstream  30 k
 perl-DB_File  x86_64  1.842-1.el8  appstream  83 k
 perl-Data-Dump  noarch  1.23-7.module_el8.3.0+2091+9eecfe51  appstream  36 k
 perl-Digest-HMAC  noarch  1.03-17.module_el8.3.0+2091+9eecfe51  appstream  19 k
 perl-Digest-SHA  x86_64  1:6.02-1.el8  appstream  66 k
 perl-Encode-Detect  x86_64  1.01-28.el8  appstream  90 k
 perl-Encode-Locale  noarch  1.05-10.module_el8.3.0+2091+9eecfe51  appstream  20 k
 perl-Error  noarch  1:0.17025-2.el8  appstream  46 k
 perl-File-LibMagic  x86_64  1.16-9.el8  epel  44 k
 perl-File-Listing  noarch  6.04-17.module_el8.3.0+2091+9eecfe51  appstream  17 k
 perl-GSSAPI  x86_64  0.28-23.el8  appstream  63 k
 perl-HTML-Parser  x86_64  3.72-15.module_el8.3.0+2091+9eecfe51  appstream  118 k
 perl-HTML-Tagset  noarch  3.20-34.module_el8.3.0+2091+9eecfe51  appstream  23 k
 perl-HTTP-Cookies  noarch  6.04-2.module_el8.3.0+2091+9eecfe51  appstream  38 k
 perl-HTTP-Date  noarch  6.02-19.module_el8.3.0+2091+9eecfe51  appstream  18 k
 perl-HTTP-Message  noarch  6.18-1.module_el8.3.0+2091+9eecfe51  appstream  99 k
 perl-HTTP-Negotiate  noarch  6.01-19.module_el8.3.0+2091+9eecfe51  appstream  21 k
 perl-IO-Compress  noarch  2.081-1.el8  baseos  258 k
 perl-IO-HTML  noarch  1.001-11.module_el8.3.0+2091+9eecfe51  appstream  27 k
 perl-IO-Multiplex  noarch  1.16-9.el8  appstream  31 k
 perl-IO-Socket-INET6  noarch  2.72-12.el8  appstream  33 k
 perl-IO-String  noarch  1.08-32.el8  appstream  20 k
 perl-IO-Zlib  noarch  1:1.10-419.el8  baseos  79 k
 perl-IO-stringy  noarch  2.111-9.el8  powertools  71 k
 perl-JSON  noarch  2.97.001-2.el8  appstream  96 k
 perl-LWP-MediaTypes  noarch  6.02-15.module_el8.3.0+2091+9eecfe51  appstream  28 k
 perl-MIME-tools  noarch  5.509-9.el8  epel  249 k
 perl-Mail-DKIM  noarch  0.54-1.el8  appstream  162 k
 perl-Mail-SPF  noarch  2.9.0-15.el8  appstream  152 k
 perl-MailTools  noarch  2.20-2.el8  appstream  112 k
 perl-Math-BigInt  noarch  1:1.9998.11-7.el8  baseos  195 k
 perl-Math-Complex  noarch  1.59-419.el8  baseos  107 k
 perl-NTLM  noarch  1.09-17.module_el8.3.0+2091+9eecfe51  appstream  23 k
 perl-Net-DNS  noarch  1.15-1.el8  appstream  369 k
 perl-Net-HTTP  noarch  6.17-2.module_el8.3.0+2091+9eecfe51  appstream  42 k
 perl-Net-LibIDN  x86_64  0.12-35.el8  epel  34 k
 perl-Net-SMTP-SSL  noarch  1.04-5.el8  appstream  15 k
 perl-Net-Server  noarch  2.009-3.el8  appstream  208 k
 perl-NetAddr-IP  x86_64  4.079-7.el8  appstream  132 k
 perl-Razor-Agent  x86_64  2.85-33.el8  epel  123 k
 perl-Socket6  x86_64  0.28-6.el8  appstream  36 k
 perl-Sys-Syslog  x86_64  0.35-397.el8  appstream  50 k
 perl-Text-Diff  noarch  1.45-2.el8  baseos  45 k
 perl-Text-Soundex  x86_64  3.05-8.el8  appstream  31 k
 perl-Text-Unidecode  noarch  1.30-5.el8  appstream  149 k
 perl-Time-HiRes  x86_64  4:1.9758-2.el8  appstream  60 k
 perl-TimeDate  noarch  1:2.30-15.module_el8.3.0+2091+9eecfe51  appstream  52 k
 perl-Try-Tiny  noarch  0.30-7.module_el8.3.0+2091+9eecfe51  appstream  44 k
 perl-Unix-Syslog  x86_64  1.1-29.el8  appstream  35 k
 perl-WWW-RobotRules  noarch  6.02-18.module_el8.3.0+2091+9eecfe51  appstream  21 k
 perl-common-sense  x86_64  3.7.4-8.el8  powertools  35 k
 perl-libwww-perl  noarch  6.34-1.module_el8.3.0+2091+9eecfe51  appstream  212 k
 perl-version  x86_64  6:0.99.24-1.el8  appstream  67 k
 procmail  x86_64  3.22-47.el8  appstream  180 k
Installing weak dependencies:
 arj  x86_64  3.10.22-30.el8  epel  184 k
 binutils  x86_64  2.30-93.el8  baseos  5.8 M
 cabextract  x86_64  1.9-7.el8  epel  73 k
 freeze  x86_64  2.5.0-26.el8  epel  38 k
 lzop  x86_64  1.03-20.el8  baseos  62 k
 nomarch  x86_64  1.4-21.el8  epel  26 k
 p7zip  x86_64  16.02-20.el8  epel  683 k
 p7zip-plugins  x86_64  16.02-20.el8  epel  1.0 M
 perl-Convert-TNEF  noarch  0.18-17.el8  epel  26 k
 perl-Convert-UUlib  x86_64  3:1.8-1.el8  epel  243 k
 perl-DBD-SQLite  x86_64  1.58-2.module_el8.3.0+2074+0df5c3bb  appstream  192 k
 perl-DBI  x86_64  1.641-3.module_el8.3.0+2054+fbe55708  appstream  739 k
 perl-LDAP  noarch  1:0.66-7.el8  appstream  386 k
 spamassassin  x86_64  3.4.4-3.el8  appstream  1.3 M
 unzoo  x86_64  4.4-27.el8  epel  30 k
Enabling module streams:
 perl-DBD-SQLite  1.58
 perl-DBI  1.641

Transaction Summary
============================================================================================================
Install  90 Packages

Total download size: 231 M
Installed size: 268 M
Is this ok [y/N]: y
(rest omitted)
- Installing opendkim
[root@server02]# dnf install opendkim
Last metadata expiration check: 0:23:36 ago on Fri 28 May 2021 03:51:26 PM JST.
Dependencies resolved.
============================================================================================================
 Package              Architecture    Version            Repository    Size
============================================================================================================
Installing:
 opendkim             x86_64          2.11.0-0.17.el8    epel          284 k
Installing dependencies:
 libbsd               x86_64          0.9.1-4.el8        epel          106 k
 libmemcached-libs    x86_64          1.0.18-15.el8      appstream     137 k
 libopendkim          x86_64          2.11.0-0.17.el8    epel           81 k
 opendbx              x86_64          1.4.6-21.el8       epel           56 k
 sendmail-milter      x86_64          8.15.2-34.el8      appstream      81 k

Transaction Summary
============================================================================================================
Install  6 Packages

Total download size: 745 k
Installed size: 1.8 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): libbsd-0.9.1-4.el8.x86_64.rpm                 367 kB/s | 106 kB     00:00
(2/6): libopendkim-2.11.0-0.17.el8.x86_64.rpm        2.0 MB/s |  81 kB     00:00
(3/6): sendmail-milter-8.15.2-34.el8.x86_64.rpm      236 kB/s |  81 kB     00:00
(4/6): libmemcached-libs-1.0.18-15.el8.x86_64.rpm    385 kB/s | 137 kB     00:00
(5/6): opendbx-1.4.6-21.el8.x86_64.rpm               1.5 MB/s |  56 kB     00:00
(6/6): opendkim-2.11.0-0.17.el8.x86_64.rpm           1.8 MB/s | 284 kB     00:00
------------------------------------------------------------------------------------------------------------
Total                                                768 kB/s | 745 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                            1/1
  Installing       : libbsd-0.9.1-4.el8.x86_64                  1/6
  Installing       : libopendkim-2.11.0-0.17.el8.x86_64         2/6
  Installing       : opendbx-1.4.6-21.el8.x86_64                3/6
  Installing       : sendmail-milter-8.15.2-34.el8.x86_64       4/6
  Running scriptlet: sendmail-milter-8.15.2-34.el8.x86_64       4/6
  Installing       : libmemcached-libs-1.0.18-15.el8.x86_64     5/6
  Running scriptlet: opendkim-2.11.0-0.17.el8.x86_64            6/6
  Installing       : opendkim-2.11.0-0.17.el8.x86_64            6/6
  Running scriptlet: opendkim-2.11.0-0.17.el8.x86_64            6/6
  Verifying        : libmemcached-libs-1.0.18-15.el8.x86_64     1/6
  Verifying        : sendmail-milter-8.15.2-34.el8.x86_64       2/6
  Verifying        : libbsd-0.9.1-4.el8.x86_64                  3/6
  Verifying        : libopendkim-2.11.0-0.17.el8.x86_64         4/6
  Verifying        : opendbx-1.4.6-21.el8.x86_64                5/6
  Verifying        : opendkim-2.11.0-0.17.el8.x86_64            6/6

Installed:
  libbsd-0.9.1-4.el8.x86_64
  libmemcached-libs-1.0.18-15.el8.x86_64
  libopendkim-2.11.0-0.17.el8.x86_64
  opendbx-1.4.6-21.el8.x86_64
  opendkim-2.11.0-0.17.el8.x86_64
  sendmail-milter-8.15.2-34.el8.x86_64

Complete!
Configuration files for Postfix and related software
- Changes to /etc/postfix/main.cf (differences only)
[root@server02 postfix]# diff main.cf main.cf.old 96d95 < myhostname = mail.yamasnet.com 104d102 < mydomain = yamasnet.com 120c118 < myorigin = $mydomain --- > #myorigin = $mydomain 134c132 < inet_interfaces = all --- > #inet_interfaces = all 137c135 < #inet_interfaces = localhost --- > inet_interfaces = localhost 185,186c183,184 < #mydestination = $myhostname, localhost.$mydomain, localhost < mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain --- > mydestination = $myhostname, localhost.$mydomain, localhost > #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain 258c256 < # On Linux, this does works correctly only with interfaces specified --- > # On Linux, this works correctly only with interfaces specified 288d285 < mynetworks = 127.0.0.0/8, 192.168.11.0/24 441c438 < home_mailbox = Maildir/ --- > #home_mailbox = Maildir/ 596,597d592 < smtpd_banner = $myhostname ESMTP < 714c709 < #smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem --- > smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem 720c715 < #smtpd_tls_key_file = /etc/pki/tls/private/postfix.key --- > smtpd_tls_key_file = /etc/pki/tls/private/postfix.key 744,775d738 < < #for SMTP-Auth settings < < smtpd_sasl_type = dovecot < smtpd_sasl_path = private/auth < smtpd_sasl_auth_enable = yes < smtpd_sasl_security_options = noanonymous < smtpd_sasl_local_domain = $myhostname < #smtpd_client_restrictions = permit_mynetworks,reject_unknown_client,permit < smtpd_client_restrictions = permit_mynetworks,permit < smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject < < # for tls letsencrypt < smtpd_use_tls = yes < smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 < smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 < smtpd_tls_cert_file = /etc/letsencrypt/live/yamasnet.com/fullchain.pem < smtpd_tls_key_file = /etc/letsencrypt/live/yamasnet.com/privkey.pem < smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache < < 
content_filter=smtp-amavis:[127.0.0.1]:10024 < < # for spam < < disable_vrfy_command = yes < smtpd_helo_required = yes < < # for DKIM < #smtpd_milters = inet:127.0.0.1:8891 < #non_smtpd_milters = inet:127.0.0.1:8891 < #milter_default_action = accep <
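Review bot: "mynetworks = 127.0.0.0/8, 192.168.11.0/24" at 288d285 combines with "permit_mynetworks" at the head of smtpd_recipient_restrictions in the 744,775 hunk, so every host on the 192.168.11.0/24 LAN can relay to any destination without authenticating. If LAN clients are able to authenticate with SASL, narrow mynetworks to 127.0.0.0/8 so that relaying depends on permit_sasl_authenticated rather than on network position.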
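Review bot: "smtpd_sasl_auth_enable = yes" in the 744,775 hunk applies to every smtpd listener and there is no "smtpd_tls_auth_only = yes" beside it, so with "inet_interfaces = all" the port 25 service offers AUTH before STARTTLS; add "smtpd_tls_auth_only = yes" so credentials are only accepted inside a TLS session. In the same hunk, "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3" only takes effect where TLS is mandatory, while "smtpd_use_tls = yes" makes TLS opportunistic, for which smtpd_tls_protocols is the governing setting; neither list excludes TLSv1 or TLSv1.1. The three milter lines under "# for DKIM" are commented out, so Postfix does not hand mail to OpenDKIM with this file, and the last of them reads "accep" where the valid value is "accept".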
- Changes to /etc/postfix/master.cf (differences only)
[root@server02 postfix]# diff master.cf master.cf.old 17,18c17,18 < submission inet n - n - - smtpd < -o syslog_name=postfix/submission --- > #submission inet n - n - - smtpd > # -o syslog_name=postfix/submission 20c20 < -o smtpd_sasl_auth_enable=yes --- > # -o smtpd_sasl_auth_enable=yes 29,32c29,32 < smtps inet n - n - - smtpd < -o syslog_name=postfix/smtps < -o smtpd_tls_wrappermode=yes < -o smtpd_sasl_auth_enable=yes --- > #smtps inet n - n - - smtpd > # -o syslog_name=postfix/smtps > # -o smtpd_tls_wrappermode=yes > # -o smtpd_sasl_auth_enable=yes 66a67 > postlog unix-dgram n - n - 1 postlogd 81c82 < # flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} --- > # flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} 100c101 < # user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} --- > # flags=DRX user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} 131c132 < # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py --- > # flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py 133,153d133 < smtp-amavis unix - - n - 2 smtp < -o smtp_data_done_timeout=1200 < -o smtp_send_xforward_command=yes < -o disable_dns_lookups=yes < 127.0.0.1:10025 inet n - n - - smtpd < -o content_filter= < -o local_recipient_maps= < -o relay_recipient_maps= < -o smtpd_restriction_classes= < -o smtpd_client_restrictions= < -o smtpd_helo_restrictions= < -o smtpd_sender_restrictions= < -o smtpd_recipient_restrictions=permit_mynetworks,reject < -o mynetworks=127.0.0.0/8 < -o strict_rfc821_envelopes=yes < -o smtpd_error_sleep_time=0 < -o smtpd_soft_error_limit=1001 < -o smtpd_hard_error_limit=1000 < -o smtpd_client_connection_count_limit=0 < -o smtpd_client_connection_rate_limit=0 < -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
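Review bot: The submission entry is enabled by 17,18c17,18 and 20c20 with "-o smtpd_sasl_auth_enable=yes", but no hunk touches line 19, which in the master.cf shipped with Postfix is the commented-out "-o smtpd_tls_security_level=encrypt"; port 587 therefore accepts AUTH without requiring STARTTLS. Uncomment line 19 for the submission service. The smtps entry at 29,32c29,32 does wrap the session in TLS through "-o smtpd_tls_wrappermode=yes", so it does not have the same gap. Separately, 66a67 shows the postlog service present only in master.cf.old; confirm that dropping it is intended, since postlogd is needed if maillog_file is ever set.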
- Changes to /etc/dovecot/conf.d (differences only)
[root@server02 dovecot]# diff conf.d conf.d.old diff conf.d/10-auth.conf conf.d.old/10-auth.conf 10c10 < disable_plaintext_auth = no --- > #disable_plaintext_auth = yes 100c100 < auth_mechanisms = plain login --- > auth_mechanisms = plain diff conf.d/10-mail.conf conf.d.old/10-mail.conf 30c30 < mail_location = maildir:~/Maildir --- > #mail_location = diff conf.d/10-master.conf conf.d.old/10-master.conf 107,111c107,109 < unix_listener /var/spool/postfix/private/auth { < mode = 0666 < user = postfix < group = postfix < } --- > #unix_listener /var/spool/postfix/private/auth { > # mode = 0666 > #} diff conf.d/10-ssl.conf conf.d.old/10-ssl.conf 8,9c8 < #ssl = required < ssl = yes --- > ssl = required 15,18c14,15 < #ssl_cert = </etc/pki/dovecot/certs/dovecot.pem < ssl_cert = </etc/letsencrypt/live/yamasnet.com/fullchain.pem < #ssl_key = </etc/pki/dovecot/private/dovecot.pem < ssl_key = </etc/letsencrypt/live/yamasnet.com/privkey.pem --- > ssl_cert = </etc/pki/dovecot/certs/dovecot.pem > ssl_key = </etc/pki/dovecot/private/dovecot.pem
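Review bot: "disable_plaintext_auth = no" at 10-auth.conf line 10, together with "ssl = yes" replacing "ssl = required" in 10-ssl.conf, lets clients send PLAIN and LOGIN credentials over unencrypted IMAP and POP3 connections. Since a Let's Encrypt certificate is already configured in the same diff, keep "ssl = required" and leave disable_plaintext_auth at its default of yes; the PLAIN and LOGIN mechanisms remain usable inside TLS.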
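Review bot: "mode = 0666" on the unix_listener /var/spool/postfix/private/auth block in 10-master.conf (107,111c107,109) is wider than needed now that "user = postfix" and "group = postfix" are set on the same listener. Use "mode = 0660" so that only the postfix user and group can reach the Dovecot auth socket.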
- Changes to /etc/clamd.d/scan.conf (changes only)
[root@server02 clamd.d]# diff scan.conf scan.conf.old 14c14 < LogFile /var/log/clamd.scan --- > #LogFile /var/log/clamd.scan 77c77 < PidFile /run/clamd.scan/clamd.pid --- > #PidFile /run/clamd.scan/clamd.pid 81c81 < TemporaryDirectory /var/tmp --- > #TemporaryDirectory /var/tmp 96c96 < LocalSocket /run/clamd.scan/clamd.sock --- > #LocalSocket /run/clamd.scan/clamd.sock
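Review bot: The LogFile, PidFile, TemporaryDirectory and LocalSocket lines enabled here are in scan.conf, which is the file the clamd@scan instance reads, but the startup step on this page runs "systemctl start clamd@amavisd", whose instance name selects /etc/clamd.d/amavisd.conf in the EPEL packaging. Either apply the settings to the file of the instance that is actually started, or start clamd@scan, and check that the socket path amavisd is configured to use matches that instance's LocalSocket, otherwise mail passes through amavisd without the virus scan the setup is meant to provide.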
Starting the mail server
[root@server02 ~]# systemctl start amavisd
[root@server02 ~]# systemctl start clamd@amavisd
[root@server02 ~]# systemctl start spamassassin
[root@server02 ~]# systemctl start postfix
[root@server02 ~]# systemctl start dovecot