#自宅や自社のネットワークの範囲を明示し、迷惑メールなどに悪用されないようにする。(192.168.24.0/24部分はお宅用に変更のこと)
# You can also specify the absolute pathname of a pattern file instead
# …
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 127.0.0.0/8, 192.168.24.0/24
#dovecot.confの設定
[root@ufuso ~]# vi /etc/dovecot/dovecot.conf
# A comma separated list of IPs or hosts where to listen in for connections.
# …
#listen = *, ::
#追記。IPv6を無効化
listen = *
#10-auth.confの設定
[root@ufuso ~]# vi /etc/dovecot/conf.d/10-auth.conf
# Disable LOGIN command and all other plaintext authentications unless
# …
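#disable_plaintext_auth = yes
#追記。プレーンテキスト認証も許可
#(注意: no にすると、TLSで暗号化されていない接続でもパスワードが平文のまま送信できてしまう。外部ネットワークから接続させる場合は yes のままにし、クライアント側でSSL/TLSを有効にするほうが安全)
disable_plaintext_auth = no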
# Space separated list of wanted authentication mechanisms:
# …
#ログイン認証も許可
auth_mechanisms = plain login
#10-mail.confの設定
[root@ufuso ~]# vi /etc/dovecot/conf.d/10-mail.conf
# See doc/wiki/Variables.txt for full list. Some examples:
# …
#mail_location =
#メールボックス形式をMaildir形式に
mail_location = maildir:~/Maildir
#Dovecot再起動と自動起動設定
[root@ufuso ~]# systemctl enable --now dovecot
Created symlink /etc/systemd/system/multi-user.target.wants/dovecot.service → /usr/lib/systemd/system/dovecot.service.
Created symlink /etc/systemd/system/multi-user.target.wants/saslauthd.service → /usr/lib/systemd/system/saslauthd.service.
#main.cfの編集
[root@ufuso ~]# vi /etc/postfix/main.cf
…
# The full pathname of a file with the Postfix SMTP server RSA certificate
# …
#下行の行頭に#を付加して無効にする
#smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
# The full pathname of a file with the Postfix SMTP server RSA private key
#…
#下行の行頭に#を付加して無効にする
#smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
#最下行に追記 (cert、keyファイルは自身が取得した証明書に置き換え)
smtpd_use_tls = yes
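#(補足: この指定で禁止されるのは SSLv2 / SSLv3 のみ。古い TLSv1 / TLSv1.1 も拒否するなら !TLSv1, !TLSv1.1 を追加する。また *_mandatory_protocols は TLS を必須にした接続 (security_level=encrypt 以上) にだけ効き、smtpd_use_tls = yes の日和見TLSには smtpd_tls_protocols が適用される)
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3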
smtpd_tls_cert_file = /etc/letsencrypt/live/ufuso.dip.jp/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/ufuso.dip.jp/privkey.pem
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
#master.cfの編集
[root@ufuso ~]# vi /etc/postfix/master.cf
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
#以下のこの色の#を削除する (元ページの色分けはこのテキストでは失われている)
#(補足: -o で始まる行は前の行の続きなので、#を削除したあとも行頭に空白を残すこと)
#(注意: submission で smtpd_sasl_auth_enable=yes を有効にする場合は、-o smtpd_tls_security_level=encrypt も有効にして、STARTTLS による暗号化後にのみ認証を受け付けるようにするのが安全)
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
#submission inet n - n - - smtpd
#-o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
#-o smtpd_sasl_auth_enable=yes
# …
#smtps inet n - n - - smtpd
#-o syslog_name=postfix/smtps
#-o smtpd_tls_wrappermode=yes
#-o smtpd_sasl_auth_enable=yes
#10-master.confの設定
[root@ufuso ~]# vi /etc/dovecot/conf.d/10-master.conf
# Postfix smtp-auth
#下行の#を削除して有効にする
unix_listener /var/spool/postfix/private/auth {
#下行の#を削除して有効にする
#(注意: 0666 ではローカルの全ユーザーがこの認証ソケットに接続できる。下のように user / group を postfix にするなら 0660 で足りる)
mode = 0666
#追記
user = postfix
#追記
group = postfix
#下行の#を削除して有効にする
}
#10-ssl.confの設定
[root@ufuso ~]# vi /etc/dovecot/conf.d/10-ssl.conf
# SSL/TLS support: yes, no, required.
#…
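# plain imap and pop3 are still allowed for local connections
#行頭に#を付加
#ssl = required
#sslを許可
#(注意: ssl = yes では暗号化なしの接続も受け付ける。disable_plaintext_auth = no と組み合わせるとパスワードが平文でネットワークを流れるため、可能なら ssl = required のままにする)
ssl = yes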
…
…
# PEM encoded X.509 SSL/TLS certificate and private key. They’re opened before
# …
# certificate, just make sure to update the domains in dovecot-openssl.cnf
#行頭に#を付加
#ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
#行頭に#を付加
#ssl_key = </etc/pki/dovecot/private/dovecot.pem
#Let’s Encrypt から取得したサーバ証明書の場所を明記
ssl_cert = </etc/letsencrypt/live/ufuso.dip.jp/fullchain.pem
#Let’s Encrypt から取得した秘密鍵の場所を明記
ssl_key = </etc/letsencrypt/live/ufuso.dip.jp/privkey.pem
#postfix再起動
[root@ufuso ~]# systemctl restart postfix dovecot
4.OP25B対策(SMTP-Auth機能)
(1)Postfix設定
#Gmailのsmtpサーバーを利用
[root@ufuso ~]# vi /etc/postfix/main.cf