1.Install Postfix and Dovecot
1-1.Install the required software.
# dnf -y install postfix dovecot cyrus-sasl cyrus-sasl-plain cyrus-sasl-devel
# systemctl enable postfix
# systemctl enable dovecot
# systemctl enable saslauthd

# rpm -qa | grep postfix
postfix-2.10.1-7.el7.x86_64

# rpm -qa | grep sasl
cyrus-sasl-plain-2.1.26-23.el7.x86_64
cyrus-sasl-lib-2.1.26-23.el7.x86_64
cyrus-sasl-devel-2.1.26-23.el7.x86_64
cyrus-sasl-md5-2.1.26-23.el7.x86_64 ← If this is not present: # dnf install cyrus-sasl-md5
cyrus-sasl-2.1.26-23.el7.x86_64

# systemctl enable postfix.service
Created symlink from /etc/systemd/system/multi-user.target.wants/postfix.service to
/usr/lib/systemd/system/postfix.service.
1-2.Preparation for user registration
①Prep for new users.
Set up the system to automatically send and receive emails when a new user is added.
# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
# chmod -R 700 /etc/skel/Maildir/
# echo "~/Maildir/" > /etc/skel/.forward
# chmod 600 /etc/skel/.forward
➁Preparing the email environment for existing users
Configure the settings so that the user you have already created (user [tama] in the example) can send and receive mail.
# mkdir -p /home/tama/Maildir/{new,cur,tmp}
# chown -R tama:tama /home/tama/Maildir/
# chmod 700 /home/tama/Maildir
# chmod 700 /home/tama/Maildir/{new,cur,tmp}
1-3.Editing the Postfix Configuration File
①Editing the SMTP Authentication Configuration File
Back up the SMTP authentication configuration file
# cp -p /etc/sasl2/smtpd.conf `date '+ /etc/sasl2/smtpd.conf.%Y%m%d'`

# vi /etc/sasl2/smtpd.conf
■Insert "#" at the beginning of the first and second lines, and add the following lines below them
# pwcheck_method: saslauthd
# mech_list: plain login
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: cram-md5 digest-md5 plain login
➁Registering the saslauthd service
# systemctl enable saslauthd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/saslauthd.service to
/usr/lib/systemd/system/saslauthd.service.

# systemctl is-enabled saslauthd.service
enabled
Start saslauthd
# systemctl start saslauthd.service
➂Creating a sample Postfix user
As an example, create the user [rocky].
# useradd -s /sbin/nologin rocky

# passwd rocky
Change password for user rocky
New password: ← Enter the password.
Retype new password: ← Enter password again.
passwd: All authentication tokens have been updated correctly.
The password you set will be used for receiving mail (POP)
Setting the SMTP-AUTH Password
# echo "<Any password>" | saslpasswd2 -p -u <Domain Name> -c rocky
Check the registered user, then change the group of /etc/sasldb2 to postfix so that Postfix can read it.
# sasldblistusers2
rocky@<Domain Name>: userPassword

# chgrp postfix /etc/sasldb2
④Editing the Postfix Configuration File
# vi /etc/postfix/main.cf
■Add around line 96
#myhostname = virtual.domain.tld
myhostname = mail.<Self Domain Name>
■Add your domain name around line 103.
#mydomain = domain.tld
mydomain = <Self Domain Name>
■Add around line 119
#myorigin = $mydomain
myorigin = $mydomain
■Around line 135, insert "#" at the beginning of the "inet_interfaces = localhost" line and add "inet_interfaces = all" below it
#inet_interfaces = localhost
inet_interfaces = all
■Around line 183, comment out the existing line and add the new one below it
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
■Check around line 241. Make sure it returns an error message (550)
unknown_local_recipient_reject_code = 550
■Add around line 287
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 192.168.11.0/24, 127.0.0.0/8
[Change 192.168.11.0/24 to match your environment]
■Check around line 406.
alias_maps = hash:/etc/aliases
■Add around line 440 (sets the mail storage format)
#home_mailbox = Mailbox
#home_mailbox = Maildir/
home_mailbox = Maildir/
■Add around line 447
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
mail_spool_directory = /var/spool/mail
■Add around line 594
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP unknown
■Add the following at the end of the file
allow_percent_hack = no
# Use SMTP AUTH
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes
allow_min_user = yes
message_size_limit = 10485760
disable_vrfy_command = yes
virtual_maps = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
⑤Configure the submission port (port 587)
# vi /etc/postfix/master.cf
■Delete the "#" at the beginning of lines 16 and 19
After the change, the entry looks like this
submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
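The submission entry above enables SASL authentication while "-o smtpd_tls_security_level=encrypt" stays commented out, and nothing in the main.cf edits on this page makes TLS mandatory, so it is worth checking what port 587 actually enforces. The script below is an added example, not part of the original page; the function names are hypothetical and it only parses the master.cf file it is given.

```sh
#!/bin/sh
# Added example, not from the original page.

# Print the active "-o name=value" overrides of one inet service in master.cf.
# Postfix ignores lines starting with "#", so "# -o ..." never takes effect.
# Only the plain "-o name=value" form is parsed, not "-o { name = value }".
service_overrides() {    # usage: service_overrides FILE SERVICE
    awk -v svc="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comment or blank line
        /^[^ \t]/ {                                # a new service entry starts
            active = ($1 == svc && $2 == "inet")
            if (active) print "@defined"
        }
        active { for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1) }
    ' "$1"
}

# Effective value of a parameter: the last override wins, else the global value.
effective() {            # usage: effective OVERRIDES NAME GLOBAL_VALUE
    if printf '%s\n' "$1" | grep -q "^$2="; then
        printf '%s\n' "$1" | sed -n "s/^$2=//p" | tail -n 1
    else
        printf '%s\n' "$3"
    fi
}

# Returns 0 if TLS is mandatory on submission (or SASL auth is off), 1 if SASL
# auth is enabled without mandatory TLS, 2 if the service is not enabled.
# smtpd_tls_auth_only is not modelled here.
audit_submission() {     # usage: audit_submission FILE [GLOBAL_TLS] [GLOBAL_AUTH]
    o=$(service_overrides "$1" submission)
    if ! printf '%s\n' "$o" | grep -qx '@defined'; then
        echo "submission: service not enabled"
        return 2
    fi
    tls=$(effective "$o" smtpd_tls_security_level "${2:-}")
    auth=$(effective "$o" smtpd_sasl_auth_enable "${3:-no}")
    if [ "$auth" = yes ] && [ "$tls" != encrypt ]; then
        echo "submission: SASL auth enabled, TLS level '${tls:-unset}' is not 'encrypt'"
        return 1
    fi
    echo "submission: auth=$auth tls=${tls:-unset}"
    return 0
}
```

On the server, pass the global values as the second and third arguments, taken from `postconf -h smtpd_tls_security_level` and `postconf -h smtpd_sasl_auth_enable`, so that settings inherited from main.cf are taken into account.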
⑥Start Postfix.
# postmap hash:/etc/postfix/virtual
# systemctl start postfix.service
1-4.Edit the Dovecot configuration file
①Edit the dovecot.conf file
Back up the dovecot.conf file
# cp -p /etc/dovecot/dovecot.conf `date '+ /etc/dovecot/dovecot.conf.%Y%m%d'`

# vi /etc/dovecot/dovecot.conf
■Add around line 25
# protocols = imap pop3 lmtp
protocols = imap pop3
■Add to last line
!include_try local.conf
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
➁Edit the 10-ssl.conf file
# vi /etc/dovecot/conf.d/10-ssl.conf
■Around line 8, insert "#" at the beginning of the line "ssl = required" and add "ssl = yes" below it
➂Register dovecot as a service and start it.
# systemctl enable dovecot.service
# systemctl start dovecot.service
2.Postfix + Clamav + Amavisd
①Install Amavisd and Clamav Server
# dnf --enablerepo=epel,powertools -y install amavisd-new clamd perl-Digest-SHA1 perl-IO-stringy
➁Edit configuration file
# vi /etc/clamd.d/scan.conf
■Line 8: Make it a comment.
#Example
■Line 14: uncomment
LogFile /var/log/clamd.scan
■Line 77: uncomment
PidFile /run/clamd.scan/clamd.pid
■Line 81: uncomment
TemporaryDirectory /var/tmp
■Line 96: uncomment
LocalSocket /run/clamd.scan/clamd.sock

# touch /var/log/clamd.scan
# chown clamscan: /var/log/clamd.scan
# systemctl enable --now clamd@scan
➂Configure and start Amavisd
# vi /etc/amavisd/amavisd.conf
■Remove the "#" at the beginning of the line around line 13
@bypass_spam_checks_maps = (1); # controls running of anti-spam code
■Line 23: Change to own domain name
$mydomain = '<own domain>';
■Around line 28, add "#" to the beginning of the line to disable it
#$QUARANTINEDIR = undef; # -Q
■Around line 125, add "#" to the beginning of the line to disable it
# $virus_admin = undef; # notifications recip
■Line 158: Uncomment and change to your own host name.
$myhostname = 'mail.<own domain>';
■Remove the "#" at the beginning of the lines around line 163
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!

# systemctl enable --now amavisd
④Postfix Configuration
# vi /etc/postfix/main.cf
■Add to last line
content_filter=smtp-amavis:[127.0.0.1]:10024

# vi /etc/postfix/master.cf
■Add the following entries at the end of the file
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000

# systemctl restart postfix
3.Anti-spam settings
①Install SpamAssassin to prevent spam.
# dnf -y install --enablerepo=epel spamassassin spamass-milter-postfix
# systemctl start spamassassin
# systemctl enable spamassassin
➁Configuring SpamAssassin
# vi /etc/mail/spamassassin/v310.pre
■Enable the TextCat plugin by removing the "#" at the beginning of the line around line 24
loadplugin Mail::SpamAssassin::Plugin::DCC
➂Install a script to update the SpamAssassin configuration file.
# vi /opt/spamassassin-update.sh
#!/bin/bash

# Work in the SpamAssassin configuration directory; stop if it is missing
cd /etc/mail/spamassassin || exit 1
wget -q https://github.com/kittyfreak/spamassassin_user_prefs/archive/refs/heads/main.zip
[ $? -ne 0 ] && exit
unzip main.zip >/dev/null 2>&1
[ $? -ne 0 ] && exit
rm -f main.zip
mv spamassassin_user_prefs-main/user_prefs .
rm -rf spamassassin_user_prefs-main
# Rebuild local.cf only when the downloaded file differs from the previous copy
diff user_prefs user_prefs.org > /dev/null 2>&1
if [ $? -ne 0 ]; then
    cp user_prefs local.cf

    # Do not use attachment format for emails that are judged as spam.
    echo "report_safe 0" >> local.cf

    # Add "***SPAM***" to the subject line of emails judged to be spam.
    echo "rewrite_header Subject ***SPAM***" >> local.cf

    # Restart SpamAssassin
    systemctl restart spamassassin.service > /dev/null
fi
cp user_prefs user_prefs.org
④Grant execute permission to the spamassassin-update script and run it.
# chmod 700 /opt/spamassassin-update.sh
# /opt/spamassassin-update.sh
Make sure that the SpamAssassin configuration file (local.cf) has been created in the /etc/mail/spamassassin directory with the current date.
# ls -l /etc/mail/spamassassin
drwxr-xr-x 2 root root 59 6 月 7 20:02 channel.d
-rw-r--r-- 1 root root 1289 10 月16 2018 init.pre
-rw-r--r-- 1 root root 486543 9 月 11 20:24 local.cf ← Check that the date is the same as the execution date.
drwx------ 2 root root 6 10 月16 2018 sa-update-keys
-rw-r--r-- 1 root root 62 10 月16 2018 spamassassin-default.rc

# vi /etc/postfix/master.cf
■Add a "#" to the beginning of the line around line 11 and add SpamAssassin settings on line 12
# smtp inet n - n - - smtpd
smtp inet n - n - - smtpd
  -o content_filter=spamassassin
■Add to last line
spamassassin unix - n n - - pipe
  user=nobody argv=/usr/bin/spamc -e /usr/sbin/sendmail.postfix -oi -f ${sender} ${recipient}

# vi /etc/postfix/main.cf
■Add the following information to the last line
content_filter=smtp-amavis:[127.0.0.1]:10024

# systemctl restart postfix