1.Install Postfix and Dovecot
1-1.Install the required software.
[root@Lepard ~]# dnf -y install postfix dovecot cyrus-sasl cyrus-sasl-plain cyrus-sasl-devel
[root@Lepard ~]# systemctl enable postfix
[root@Lepard ~]# systemctl enable dovecot
[root@Lepard ~]# systemctl enable saslauthd
Check if Postfix is installed.
[root@Lepard ~]# rpm -qa | grep postfix
postfix-2.10.1-7.el7.x86_64
Check for sasl-related packages
[root@Lepard ~]# rpm -qa | grep sasl
cyrus-sasl-plain-2.1.26-23.el7.x86_64
cyrus-sasl-lib-2.1.26-23.el7.x86_64
cyrus-sasl-devel-2.1.26-23.el7.x86_64
cyrus-sasl-md5-2.1.26-23.el7.x86_64 ← If this is not present: # dnf install cyrus-sasl-md5
cyrus-sasl-2.1.26-23.el7.x86_64
Register Postfix to the service.
[root@Lepard ~]# systemctl enable postfix.service
Created symlink from /etc/systemd/system/multi-user.target.wants/postfix.service to /usr/lib/systemd/system/postfix.service.
1-2.Preparation for user registration
①Prep for new users.
Set up the system to automatically send and receive emails when a new user is added.
[root@Lepard ~]# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
[root@Lepard ~]# chmod -R 700 /etc/skel/Maildir/
[root@Lepard ~]# echo "~/Maildir/" > /etc/skel/.forward
[root@Lepard ~]# chmod 600 /etc/skel/.forward
➁Preparing the email environment for existing users
Configure the settings so that the user you have already created (user [jimmy] in the example) can send and receive mail.
[root@Lepard ~]# mkdir -p /home/jimmy/Maildir/{new,cur,tmp}
[root@Lepard ~]# chown -R jimmy:jimmy /home/jimmy/Maildir/
[root@Lepard ~]# chmod 700 /home/jimmy/Maildir
[root@Lepard ~]# chmod 700 /home/jimmy/Maildir/{new,cur,tmp}
1-3.Editing the Postfix Configuration File
①Editing the SMTP Authentication Configuration File
Back up the SMTP authentication configuration file
[root@Lepard ~]# cp -p /etc/sasl2/smtpd.conf `date '+/etc/sasl2/smtpd.conf.%Y%m%d'`
■ Insert "#" at the beginning of the first and second lines, and add the three lines below them.
# pwcheck_method: saslauthd
# mech_list: plain login
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: cram-md5 digest-md5 plain login
➁Registering the saslauthd service
[root@Lepard ~]# systemctl enable saslauthd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/saslauthd.service to /usr/lib/systemd/system/saslauthd.service.
[root@Lepard ~]# systemctl is-enabled saslauthd.service
enabled
Start saslauthd
[root@Lepard ~]# systemctl start saslauthd.service
➂Creating a sample Postfix user
This example uses the user [rocky].
[root@Lepard ~]# useradd -s /sbin/nologin rocky
[root@Lepard ~]# passwd rocky
Set the SMTP-AUTH password
[root@Lepard ~]# echo "<Any password>" | saslpasswd2 -p -u <Domain Name> -c rocky
Check the registered user, then change the group of /etc/sasldb2 to postfix so that Postfix can read it.
[root@Lepard ~]# sasldblistusers2
jimmy@<Domain Name>: userPassword
[root@Lepard ~]# chgrp postfix /etc/sasldb2
④Editing the Postfix Configuration File
[root@Lepard ~]# vi /etc/postfix/main.cf
Edits to make
■Add around line 96
#myhostname = virtual.domain.tld
myhostname = mail.<Self Domain Name>
■Add your domain name around line 103.
#mydomain = domain.tld
mydomain = <Self Domain Name>
■Add around line 119
#myorigin = $mydomain
myorigin = $mydomain
■Around line 135, insert "#" at the beginning of the line "inet_interfaces = localhost" and add "inet_interfaces = all" below it
#inet_interfaces = localhost
inet_interfaces = all
■Comment out the line around line 183 and add the following below it
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
■Check around line 241. Make sure it returns an error message (550)
unknown_local_recipient_reject_code = 550
■Add around line 287
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 192.168.11.0/24, 127.0.0.0/8
[192.168.11.0/24: change to match your environment]
■Check around line 406.
alias_maps = hash:/etc/aliases
■Add around line 440: set the mail storage format
#home_mailbox = Mailbox
#home_mailbox = Maildir/
home_mailbox = Maildir/
■Add around line 447
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
mail_spool_directory = /var/spool/mail
■Add around line 594
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP unknown
■Add the following to the last line
allow_percent_hack = no
# Use SMTP auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes
allow_min_user=yes
message_size_limit = 10485760
disable_vrfy_command = yes
virtual_maps = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
⑤Configure the submission port (port 587)
[root@Lepard ~]# vi /etc/postfix/master.cf
■Delete the "#" at the beginning of lines 16 and 19
After the change, the following is shown
⑥Start Postfix.
[root@Lepard ~]# postmap hash:/etc/postfix/virtual
[root@Lepard ~]# systemctl start postfix.service
1-4.Edit the Dovecot configuration file
①Edit the dovecot.conf file
Back up the dovecot.conf file
[root@Lepard ~]# cp -p /etc/dovecot/dovecot.conf `date '+/etc/dovecot/dovecot.conf.%Y%m%d'`
[root@Lepard ~]# vi /etc/dovecot/dovecot.conf
Editing the dovecot.conf file
■Add around line 25
# protocols = imap pop3 lmtp
protocols = imap pop3
■Add to last line
!include_try local.conf
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
➁Edit the 10-ssl.conf file
[root@Lepard ~]# vi /etc/dovecot/conf.d/10-ssl.conf
■Around line 8: insert "#" at the beginning of the line "ssl = required" and add "ssl = yes" on the line below it
➂Register dovecot as a service and start it.
[root@Lepard ~]# systemctl enable dovecot.service
[root@Lepard ~]# systemctl start dovecot.service
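The settings above accept the PLAIN and LOGIN mechanisms, set disable_plaintext_auth = no and relax ssl from required to yes, so a client can send its password over an unencrypted connection. The following check is an added example, not part of the original page: it reads constructed sample files (function names and samples are illustrative) and flags that combination. smtpd_tls_auth_only is a standard Postfix parameter that this page does not set, and using it assumes TLS is configured in Postfix.

```shell
#!/bin/sh
# Added example: flag settings that let mail passwords cross the network without TLS.

# Effective value of KEY in "key = value" text on stdin (last uncommented assignment wins).
conf_get() {
    awk -v k="$1" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (!i) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k) v = val }
        END { print v }'
}

# audit_plaintext_auth MAIN_CF DOVECOT_CONF... ; prints one finding per line.
audit_plaintext_auth() {
    main_cf=$1; shift
    if [ "$(conf_get smtpd_sasl_auth_enable < "$main_cf")" = yes ] &&
       [ "$(conf_get smtpd_tls_auth_only < "$main_cf")" != yes ]; then
        echo "postfix: SMTP AUTH is offered before STARTTLS (smtpd_tls_auth_only != yes)"
    fi
    if [ "$(cat "$@" | conf_get disable_plaintext_auth)" = no ] &&
       [ "$(cat "$@" | conf_get ssl)" != required ]; then
        echo "dovecot: plaintext logins accepted on unencrypted connections"
    fi
}

# Constructed sample files: "page" mirrors the values set above, "hard" enforces TLS.
d=$(mktemp -d)
printf '%s\n' 'smtpd_sasl_auth_enable = yes' 'broken_sasl_auth_clients = yes' > "$d/page-main.cf"
printf '%s\n' 'protocols = imap pop3' 'disable_plaintext_auth = no' > "$d/page-dovecot.conf"
printf '%s\n' '#ssl = required' 'ssl = yes' > "$d/page-10-ssl.conf"
{ cat "$d/page-main.cf"; echo 'smtpd_tls_auth_only = yes'; } > "$d/hard-main.cf"
printf '%s\n' 'protocols = imap pop3' 'disable_plaintext_auth = yes' > "$d/hard-dovecot.conf"
printf '%s\n' 'ssl = required' > "$d/hard-10-ssl.conf"

echo "== values from this page =="
audit_plaintext_auth "$d/page-main.cf" "$d/page-dovecot.conf" "$d/page-10-ssl.conf"
echo "== TLS enforced =="
audit_plaintext_auth "$d/hard-main.cf" "$d/hard-dovecot.conf" "$d/hard-10-ssl.conf"
```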
2.Postfix + Clamav + Amavisd
①Install Amavisd and Clamav Server
[root@Lepard ~]# dnf --enablerepo=epel,powertools -y install amavisd-new clamd perl-Digest-SHA1 perl-IO-stringy
➁Edit configuration file
[root@Lepard ~]# vi /etc/clamd.d/scan.conf
■Line 8: Make it a comment.
#Example
■Line 14: uncomment
LogFile /var/log/clamd.scan
■Line 77: uncomment
PidFile /run/clamd.scan/clamd.pid
■Line 81: uncomment
TemporaryDirectory /var/tmp
■Line 96: uncomment
LocalSocket /run/clamd.scan/clamd.sock
[root@Lepard ~]# touch /var/log/clamd.scan
[root@Lepard ~]# chown clamscan. /var/log/clamd.scan
[root@Lepard ~]# systemctl enable --now clamd@scan
➂Configure and start Amavisd
[root@Lepard ~]# vi /etc/amavisd/amavisd.conf
Edit amavisd.conf
■Remove the "#" at the beginning of the line around line 13
@bypass_spam_checks_maps = (1); # controls running of anti-spam code
■Line 23: Change to own domain name
$mydomain = '<own domain>';
■Around line 28: add "#" to the beginning of the line to disable it
#$QUARANTINEDIR = undef; # -Q
■Around line 125: add "#" to the beginning of the line to disable it
# $virus_admin = undef; # notifications recip
■Line 158: Uncomment and change to your own host name.
$myhostname = 'mail.<own domain>';
■Around line 163: remove the "#" at the beginning of the lines
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
[root@Lepard ~]# systemctl enable --now amavisd
④Postfix Configuration
[root@Lepard ~]# vi /etc/postfix/main.cf
# Add to last line
content_filter=smtp-amavis:[127.0.0.1]:10024
[root@Lepard ~]# vi /etc/postfix/master.cf
# Add the following to the end of the file
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
[root@Lepard ~]# systemctl restart postfix
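The listener on 127.0.0.1:10025 receives mail back from amavisd; it has to clear content_filter (otherwise filtered mail is handed to port 10024 again and loops) and accept mail only from loopback. The following check is an added example, not part of the original page: it parses a constructed master.cf excerpt, and the function names and the faulty variant are illustrative.

```shell
#!/bin/sh
# Added example: check the amavisd re-injection listener in master.cf.

# Print each "-o name=value" override of SERVICE, one per line, following
# master.cf continuation lines (lines that begin with whitespace).
service_overrides() {  # usage: service_overrides MASTER_CF SERVICE
    awk -v svc="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[^ \t]/ { inside = ($1 == svc) }
        inside { for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1) }' "$1"
}

# Print findings for the listener that receives mail back from amavisd.
check_reinjection() {  # usage: check_reinjection MASTER_CF LISTENER
    opts=$(service_overrides "$1" "$2")
    [ -n "$opts" ] || { echo "$2: listener not defined or has no overrides"; return 0; }
    echo "$opts" | grep -qx 'content_filter=' ||
        echo "$2: content_filter not cleared, filtered mail re-enters the filter (loop)"
    echo "$opts" | grep -qx 'mynetworks=127.0.0.0/8' ||
        echo "$2: mynetworks not limited to loopback"
    echo "$opts" | grep -qx 'smtpd_recipient_restrictions=permit_mynetworks,reject' ||
        echo "$2: recipient restrictions do not end in reject"
    return 0
}

# Constructed excerpt of the master.cf entries shown above.
m=$(mktemp -d)
cat > "$m/page.cf" <<'EOF'
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
EOF
# Constructed faulty variant: the line that clears content_filter is missing.
grep -v 'content_filter=' "$m/page.cf" > "$m/broken.cf"

check_reinjection "$m/page.cf" 127.0.0.1:10025     # no findings
check_reinjection "$m/broken.cf" 127.0.0.1:10025   # reports the loop
```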
3.Anti-spam settings
①Install SpamAssassin to prevent spam.
[root@Lepard ~]# dnf -y install --enablerepo=epel spamassassin spamass-milter-postfix
[root@Lepard ~]# systemctl start spamassassin
[root@Lepard ~]# systemctl enable spamassassin
➁Configuring SpamAssassin
[root@Lepard ~]# vi /etc/mail/spamassassin/v310.pre
■Enable the TextCat plugin by removing the "#" at the beginning of the line around line 24
➂Install a script to update the SpamAssassin configuration file.
[root@Lepard ~]# vi /opt/spamassassin-update.sh
#!/bin/bash
cd /etc/mail/spamassassin
mv spamassassin_user_prefs-main/user_prefs .
# Do not use attachment format for emails that are judged as spam.
# Add "***SPAM***" to the subject line of emails judged to be spam.
# Restart SpamAssassin
④Grant execute permission to the spamassassin-update script and run it.
[root@Lepard ~]# chmod 700 /opt/spamassassin-update.sh
[root@Lepard ~]# /opt/spamassassin-update.sh
Make sure that the SpamAssassin configuration file in the /etc/mail/spamassassin directory has been created with the current date.
[root@Lepard ~]# ls -l /etc/mail/spamassassin
drwxr-xr-x 2 root root 59 6 月 7 20:02 channel.d
-rw-r--r-- 1 root root 1289 10 月16 2018 init.pre
-rw-r--r-- 1 root root 486543 9 月 11 20:24 local.cf ←Check that the date is the same as the execution date.
drwx------ 2 root root 6 10 月16 2018 sa-update-keys
-rw-r--r-- 1 root root 62 10 月16 2018 spamassassin-default.rc
⑤Configuring Postfix to incorporate SpamAssassin
[root@Lepard ~]# vi /etc/postfix/master.cf
■Add a "#" to the beginning of the line around line 11 and add the SpamAssassin settings on line 12
spamassassin unix - n n - - pipe
⑥Edit the /etc/postfix/main.cf file
[root@Lepard ~]# vi /etc/postfix/main.cf
■Add the following information to the last line
Restart postfix.