
RockyLinux 8.4 ; Installing a mail server

1.Install Postfix and Dovecot

1-1.Install the required software.

[root@Lepard ~]# dnf -y install postfix dovecot cyrus-sasl cyrus-sasl-plain cyrus-sasl-devel
[root@Lepard ~]# systemctl enable postfix
[root@Lepard ~]# systemctl enable dovecot
[root@Lepard ~]# systemctl enable saslauthd

Check if Postfix is installed.
[root@Lepard ~]# rpm -qa | grep postfix
postfix-2.10.1-7.el7.x86_64

Check for sasl-related packages
[root@Lepard ~]# rpm -qa | grep sasl
cyrus-sasl-plain-2.1.26-23.el7.x86_64
cyrus-sasl-lib-2.1.26-23.el7.x86_64
cyrus-sasl-devel-2.1.26-23.el7.x86_64
cyrus-sasl-md5-2.1.26-23.el7.x86_64   If this is not present # dnf install cyrus-sasl-md5
cyrus-sasl-2.1.26-23.el7.x86_64

Register Postfix to the service.
[root@Lepard ~]# systemctl enable postfix.service
Created symlink from /etc/systemd/system/multi-user.target.wants/postfix.service to
/usr/lib/systemd/system/postfix.service.

1-2.Preparation for user registration

①Prep for new users.
Set up the system to automatically send and receive emails when a new user is added.

[root@Lepard ~]# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
[root@Lepard ~]# chmod -R 700 /etc/skel/Maildir/
[root@Lepard ~]# echo "~/Maildir/" > /etc/skel/.forward
[root@Lepard ~]# chmod 600 /etc/skel/.forward

➁Preparing the email environment for existing users
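Configure the settings so that a user you have already created (user [jimmy] in the example) can send and receive mail. Every command below must name that same user: an owner or path that names a different account (such as tama) creates the mailbox for, or hands it to, the wrong user.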

[root@Lepard ~]# mkdir -p /home/tama/Maildir/{new,cur,tmp}
[root@Lepard ~]# chown -R tama:tama /home/jimmy/Maildir/
[root@Lepard ~]# chmod 700 /home/jimmy/Maildir
[root@Lepard ~]# chmod 700 /home/jimmy/Maildir/{new,cur,tmp}

1-3.Editing the Postfix Configuration File

①Editing the SMTP Authentication Configuration File

Back up the SMTP authentication configuration file
[root@Lepard ~]# cp -p /etc/sasl2/smtpd.conf `date '+/etc/sasl2/smtpd.conf.%Y%m%d'`
■ Insert "#" at the beginning of the first and second lines, and add the three lines shown below them.
# pwcheck_method: saslauthd
# mech_list: plain login
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: cram-md5 digest-md5 plain login

➁Registering the saslauthd service

[root@Lepard ~]# systemctl enable saslauthd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/saslauthd.service to
/usr/lib/systemd/system/saslauthd.service.
[root@Lepard ~]# systemctl is-enabled saslauthd.service
enabled

Start saslauthd
[root@Lepard ~]# systemctl start saslauthd.service

➂Creating a sample Postfix user
This time, as an example, the user [rocky].

[root@Lepard ~]# useradd -s /sbin/nologin rocky
[root@Lepard ~]# passwd rocky        Setting the SMTP-AUTH Password

[root@Lepard ~]# echo "<Any password>" | saslpasswd2 -p -u <Domain Name> -c rocky
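Check the registered user, then change the group of /etc/sasldb2 to postfix so that Postfix can read it.
The file holds the SMTP-AUTH passwords in recoverable form, so it should be readable only by root and the postfix group (mode 640). A password typed into an echo command normally also ends up in root's shell history.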

[root@Lepard ~]# sasldblistusers2
jimmy@<Domain Name>: userPassword
[root@Lepard ~]# chgrp postfix /etc/sasldb2

④Editing the Postfix Configuration File

[root@Lepard ~]# vi /etc/postfix/main.cf

Editorial content

■Add around line 96
#myhostname = virtual.domain.tld
myhostname = mail.<Self Domain Name>
■Add your domain name around line 103.
#mydomain = domain.tld
mydomain = <Self Domain Name>
■Add around line 119
#myorigin = $mydomain
myorigin = $mydomain
■Around line 135, insert "#" at the beginning of the line "inet_interfaces = localhost" and add "inet_interfaces = all" below it
#inet_interfaces = localhost
inet_interfaces = all
■Comment out the line around line 183 and add the following below it
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
■Check around line 241.
Make sure it returns an error message (550)
unknown_local_recipient_reject_code = 550
■Add around line 287
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 192.168.11.0/24, 127.0.0.0/8
[Change 192.168.11.0/24 to match your environment. Hosts in mynetworks may relay mail without authenticating, so list only networks you control.]
■Check around line 406.
alias_maps = hash:/etc/aliases
■Added around line 440 Setting the mail storage format
#home_mailbox = Mailbox
#home_mailbox = Maildir/
home_mailbox = Maildir/
■Add around line 447
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
mail_spool_directory = /var/spool/mail
■Add around line 594
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP unknown
■Add the following to the last line
allow_percent_hack = no
# Use SMTP authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
broken_sasl_auth_clients = yes
allow_min_user=yes
message_size_limit = 10485760
disable_vrfy_command = yes
virtual_maps = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual

⑤Configure the submission port (port 587)

[root@Lepard ~]# vi /etc/postfix/master.cf

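1. Delete the "#" at the beginning of lines 16 and 19. After the change, the section looks like this (continuation lines must begin with whitespace).
Note: smtpd_tls_security_level=encrypt is still commented out here, so with the settings on this page port 587 accepts AUTH without TLS and PLAIN/LOGIN passwords can cross the network unencrypted; uncomment that line once a server certificate is configured.
submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes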

⑥Start Postfix.

[root@Lepard ~]# postmap hash:/etc/postfix/virtual
[root@Lepard ~]# systemctl start postfix.service

1-4.Edit the Dovecot configuration file

①Edit the dovecot.conf file

Back up the dovecot.conf file
[root@Lepard ~]# cp -p /etc/dovecot/dovecot.conf `date '+/etc/dovecot/dovecot.conf.%Y%m%d'`
[root@Lepard ~]# vi /etc/dovecot/dovecot.conf

Editing the dovecot.conf file
■Add around line 25
# protocols = imap pop3 lmtp
protocols = imap pop3

■Add to last line
!include_try local.conf
disable_plaintext_auth = no
mail_location = maildir:~/Maildir

➁Edit the 10-ssl.conf file

[root@Lepard ~]# vi /etc/dovecot/conf.d/10-ssl.conf

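■ Around line 8: insert "#" at the beginning of the line "ssl = required" and add "ssl = yes" below it. Note that "ssl = yes" together with "disable_plaintext_auth = no" lets clients send their passwords over unencrypted IMAP/POP3 connections; keep "ssl = required" if every mail client supports TLS.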

➂Register dovecot as a service and start it.

[root@Lepard ~]# systemctl enable dovecot.service
[root@Lepard ~]# systemctl start dovecot.service

2.Postfix + Clamav + Amavisd

①Install Amavisd and Clamav Server

[root@Lepard ~]# dnf --enablerepo=epel,powertools -y install amavisd-new clamd perl-Digest-SHA1 perl-IO-stringy

➁Edit configuration file

[root@Lepard ~]# vi /etc/clamd.d/scan.conf
■Line 8: Make it a comment.
#Example
■Line 14: uncomment
LogFile /var/log/clamd.scan
■Line 77: uncomment
PidFile /run/clamd.scan/clamd.pid
■Line 81: uncomment
TemporaryDirectory /var/tmp
■Line 96: uncomment
LocalSocket /run/clamd.scan/clamd.sock
[root@Lepard ~]# touch /var/log/clamd.scan
[root@Lepard ~]# chown clamscan. /var/log/clamd.scan
[root@Lepard ~]# systemctl enable --now clamd@scan

➂Configure and start Amavisd

[root@Lepard ~]# vi /etc/amavisd/amavisd.conf

Edit amavisd.conf

■Remove the “#” at the beginning of the line around line 13
@bypass_spam_checks_maps = (1); # controls running of anti-spam code
■Line 23: Change to own domain name
$mydomain = '<own domain>';
■Per line 28 Add “#” to the beginning of the line to disable it
#$QUARANTINEDIR = undef; # -Q
■Add a “#” to the beginning of the line around line 125 to disable it
# $virus_admin = undef; # notifications recip
■Line 158: Uncomment and change to your own host name.
$myhostname = 'mail.<own domain>';
■Remove the “#” at the beginning of the line per line 163
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
[root@Lepard ~]# systemctl enable --now amavisd

④Postfix Configuration

[root@Lepard ~]# vi /etc/postfix/main.cf
# Add to last line
content_filter=smtp-amavis:[127.0.0.1]:10024

[root@Lepard ~]# vi /etc/postfix/master.cf
# Add the following table to the last line
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
[root@Lepard ~]# systemctl restart postfix

3.Anti-spam settings

①Install SpamAssassin to prevent spam.

[root@Lepard ~]# dnf -y install --enablerepo=epel spamassassin spamass-milter-postfix
[root@Lepard ~]# systemctl start spamassassin
[root@Lepard ~]# systemctl enable spamassassin

➁Configuring SpamAssassin

[root@Lepard ~]# vi /etc/mail/spamassassin/v310.pre

■Enable the TextCat plugin by removing the # at the beginning of the line per line 24
loadplugin Mail::SpamAssassin::Plugin::DCC

➂Install a script to update the SpamAssassin configuration file.

[root@Lepard ~]# vi /opt/spamassassin-update.sh
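#!/bin/bash
# Refresh SpamAssassin's local.cf from the upstream user_prefs archive and
# restart the service when the downloaded rules differ from the last run.
#
# NOTE(review): the archive is the tip of a third-party branch, fetched
# without a pinned revision or checksum, and its contents become root-owned
# SpamAssassin configuration. Inspect the repository before scheduling this
# script, and prefer fetching a revision you have reviewed.

set -u

readonly CONF_DIR=/etc/mail/spamassassin
readonly ARCHIVE_URL=https://github.com/kittyfreak/spamassassin_user_prefs/archive/refs/heads/main.zip

# Stop if the config directory is missing; otherwise the files below would be
# written to (and removed from) whatever directory the script started in.
cd "$CONF_DIR" || exit 1

# Download and unpack in a private scratch directory so that a failed or
# partial run never leaves archives or half-extracted trees in the live
# configuration directory.
workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$workdir"' EXIT

# Exit non-zero on failure so cron or a calling script can see the error.
wget -q -O "$workdir/main.zip" "$ARCHIVE_URL" || exit 1
unzip -q "$workdir/main.zip" -d "$workdir" >/dev/null 2>&1 || exit 1

cp -- "$workdir/spamassassin_user_prefs-main/user_prefs" user_prefs || exit 1

# A missing user_prefs.org (first run) also counts as "changed".
if ! diff -q user_prefs user_prefs.org >/dev/null 2>&1; then
  # Build the new file beside the live one and rename it into place, so
  # SpamAssassin never reads a truncated local.cf.
  {
    cat user_prefs

    # Do not use attachment format for emails that are judged as spam.
    printf '%s\n' 'report_safe 0'

    # Add "***SPAM***" to the subject line of emails judged to be spam.
    # Single quotes keep the asterisks from being expanded as a glob.
    printf '%s\n' 'rewrite_header Subject ***SPAM***'
  } > local.cf.new || exit 1
  mv -f local.cf.new local.cf || exit 1

  # Restart SpamAssassin; on failure leave user_prefs.org untouched so the
  # next run tries again.
  systemctl restart spamassassin.service >/dev/null || exit 1
fi

# Remember what was applied for the next comparison.
cp user_prefs user_prefs.org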

④Grant execute permission to the spamassassin-update script and run it.

[root@Lepard ~]# chmod 700 /opt/spamassassin-update.sh
[root@Lepard ~]# /opt/spamassassin-update.sh

Make sure that local.cf, the SpamAssassin configuration file in the /etc/mail/spamassassin directory, carries the current date.

[root@Lepard ~]# ls -l /etc/mail/spamassassin
drwxr-xr-x 2 root root 59 6 月 7 20:02 channel.d
-rw-r–r– 1 root root 1289 10 月16 2018 init.pre
-rw-r–r– 1 root root 486543 9 月 11 20:24 local.cf ←Check that the date is the same as the execution date.
drwx—— 2 root root 6 10 月16 2018 sa-update-keys
-rw-r–r– 1 root root 62 10 月16 2018 spamassassin-default.rc

⑤Configuring Postfix to incorporate SpamAssassin

[root@Lepard ~]# vi /etc/postfix/master.cf

■Add a “#” to the beginning of the line around line 11 and add SpamAssassin settings on line 12
# smtp inet n - n - - smtpd
smtp inet n - n - - smtpd -o content_filter=spamassassin
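■Add to last line (the second line is a continuation and must begin with whitespace). Postfix's FILTER_README advises running a content filter under a dedicated unprivileged account rather than nobody.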

spamassassin unix - n n - - pipe
  user=nobody argv=/usr/bin/spamc -e /usr/sbin/sendmail.postfix -oi -f ${sender} ${recipient}

⑥Edit the /etc/postfix/main.cf file

[root@Lepard ~]# vi /etc/postfix/main.cf

■Add the following information to the last line
content_filter=smtp-amavis:[127.0.0.1]:10024

Restart postfix.
[root@Lepard ~]# systemctl restart postfix
