- Postfix settings.
- SMTP authentication settings.
- Creation of Maildir format mailboxes.
- Open TCP25 and TCP587 ports.
- Port open test.
- OP25B measures for mail servers.
- Forward mail addressed to root (using free mail).
- Email sending test.
- Email forwarding settings for Gmail.
- Receipt confirmation of mail addressed to root.
- Install Dovecot.
- Open TCP110 or TCP143 port.
- Adding mail users.
- Check sendmail path.
- Email software registration.
- Obtaining a server certificate.
- SSL settings.
- Open port TCP465.
- Port open test.
- Close TCP port 587.
- Port open test.
- Open port TCP995 or TCP993.
- Port open test.
- Change email settings.
- Cooperation with anti-virus software (Clamav + Amavisd).
Postfix settings.
Allow external web access.
[root@www ~]# 50_1vi /etc/httpd/conf.d/virtualhost-00-fedoraserver.jp.conf <VirtualHost *:80> ServerName fedoraserver.jp DocumentRoot /var/www/html 50_2ServerAlias mail.fedoraserver.jp RewriteEngine On RewriteCond %{HTTP_HOST} ^www.fedoraserver.jp RewriteRule ^(.*)$ http://fedoraserver.jp/$1 [R=301,L] </VirtualHost>
s51Install Postfix.
[root@www ~]# 51_1dnf install postfix
s52Configure Postfix.
[root@www ~]# 52_1vi /etc/postfix/main.cf
s53Line 96: Set the host name of the mail server.
53_1myhostname = mail.fedoraserver.jp
s54Line 103: Set the domain name.
54_1mydomain = fedoraserver.jp
s55Line 119: Set the domain name used in the sender's email address.
55_1myorigin = $mydomain
s56Line 135: Change the settings to allow receiving emails from outside.
inet_interfaces = 56_1all
s57Line 183: Change the setting so that mail addressed to the domain is accepted.
mydestination = $myhostname, localhost.$mydomain, localhost57_1, $mydomain
s58Line 439: Add the setting to set the mail storage format to Maildir format.
58_1home_mailbox = Maildir/
s59Line 593: Add the setting to hide the name of the mail server software.
59_1smtpd_banner = $myhostname ESMTP unknown
s60Append the SMTP authentication settings at the end of the file.
60_1smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
s61Append a setting that limits the size of incoming mail to 10MB (10*1024*1024 bytes) at the end of the file.
61_1message_size_limit = 10485760
s62Edit the file.
[root@www ~]# 62_1vi /etc/postfix/master.cf
s63Line 19: Remove the “#” at the beginning of the line to uncomment it.
submission inet n - n - - smtpd
s64Line 22: Remove the “#” at the beginning of the line to uncomment it.
-o smtpd_sasl_auth_enable=yes
SMTP authentication settings.
Install cyrus-sasl.
[root@www ~]# 65_1dnf install cyrus-sasl cyrus-sasl-plain
s66Start saslauthd.
[root@www ~]# 66_1systemctl start saslauthd
s67Set auto start.
[root@www ~]# 67_1systemctl enable saslauthd
Creation of Maildir format mailboxes.
Set to automatically create a Maildir format mailbox when adding a new user.
[root@www ~]# 68_1mkdir -p /etc/skel/Maildir/{new,cur,tmp}
s69Set mailbox permissions.
[root@www ~]# 69_1chmod -R 700 /etc/skel/Maildir/
s70Restart Postfix.
[root@www ~]# 70_1systemctl restart postfix
s71Download the tool used to convert existing users' mailboxes to Maildir format.
[root@www ~]# 71_1wget https://rcg.jp/perfect_maildir/perfect_maildir.pl -O /usr/local/bin/perfect_maildir.pl
[root@www ~]# 71_2chmod +x /usr/local/bin/perfect_maildir.pl
s72Install Perl’s TimeDate module required for Maildir conversion.
[root@www ~]# 72_1dnf -y install perl-TimeDate
s73Stop Postfix.
[root@www ~]# 73_1systemctl stop postfix
s74Create a Maildir bulk conversion script.
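[root@www ~]# vi migrate-maildir.sh
#!/bin/bash
#
# Maildir batch conversion script
#
# Converts every user's mbox/Mailbox spool to Maildir format using
# perfect_maildir.pl (http://perfectmaildir.home-dn.net/).
#
# Usage: migrate-maildir.sh {mbox|Mailbox}
#   mbox    - source is /var/spool/mail/<user>
#   Mailbox - source is <home>/Mailbox
#
# Run as root (the new Maildir is chowned to each user) and with Postfix
# stopped, so no mail is delivered while a mailbox is being converted.

set -u

FOLDERCONVERT=/usr/local/bin/perfect_maildir.pl

# The log is a private mktemp file rather than a fixed name under /tmp:
# a fixed, predictable path could be pre-created (or symlinked) by an
# unprivileged user before root appends to it. The trap removes it on
# every exit path, including the usage error below.
MIGRATELOG=$(mktemp /tmp/migrate-maildir.XXXXXX) || exit 1
trap 'rm -f -- "$MIGRATELOG"' EXIT

# Argument check (format of the source mailbox). Usage errors go to
# stderr and return non-zero so a caller can detect them.
if [ "${1-}" != "mbox" ] && [ "${1-}" != "Mailbox" ]; then
  echo "Usage: migrate-maildir.sh {mbox|Mailbox}" >&2
  exit 1
fi
MBOXFORMAT=$1

# Convert one user's mailbox into <home>/Maildir/.
# $1 - user name (owner of the resulting Maildir)
# $2 - the user's home directory
# Silently does nothing when the source mailbox does not exist.
migrate_user() {
  local user=$1 home=$2 inbox newdir
  if [ "$MBOXFORMAT" = "mbox" ]; then
    inbox="/var/spool/mail/${user}"
  else
    inbox="${home}/Mailbox"
  fi
  [ -f "$inbox" ] || return 0

  newdir="${home}/Maildir/"
  # mkdir -p on the subdirectories also creates newdir itself.
  mkdir -p "$newdir"/cur "$newdir"/new "$newdir"/tmp
  chmod -R 700 "$newdir"
  # perfect_maildir.pl reads the mbox on stdin and writes into newdir.
  "$FOLDERCONVERT" "$newdir" < "$inbox" >> "$MIGRATELOG" 2>&1
  # "user:" (no group) sets the login group; the "user." form is a
  # non-portable alias for the same thing.
  chown -R "${user}:" "$newdir"
  find "$newdir" -type f -exec chmod 600 {} \;
}

# General users: iterate over the directories under /home with a glob
# instead of parsing `ls`, so names with spaces or glob characters are
# handled. The user name is taken from the directory name, as before.
for home in /home/*/; do
  [ -d "$home" ] || continue
  home=${home%/}
  migrate_user "${home##*/}" "$home"
done

# root's mailbox lives under /root.
migrate_user root /root

# Show the conversion log; the EXIT trap deletes it afterwards.
[ -e "$MIGRATELOG" ] && cat -- "$MIGRATELOG"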
s75Run the batch conversion script.
[root@www ~]# 75_1sh migrate-maildir.sh mbox
s76Remove the Maildir bulk conversion script.
[root@www ~]# 76_1rm -f migrate-maildir.sh
s77Remove Maildir conversion tool.
[root@www ~]# 77_1rm -f /usr/local/bin/perfect_maildir.pl
s78Restart Postfix.
[root@www ~]# 78_1systemctl restart postfix
s79Change “/etc/aliases” if you want to use the webmaster user for mail.
[root@www ~]# 79_1vi /etc/aliases
s80Add # to the beginning of the line to disable forwarding.
80_1#webmaster: root
s81Apply the alias settings.
[root@www ~]# 81_1newaliases
Open TCP25 and TCP587 ports.
Open TCP25 and TCP587 ports in your router settings. (Check the setting method according to your own environment.)
Port open test.
On the port check site, enter the host name (fedoraserver.jp) and the port numbers (25, 587) and confirm that they are open.
OP25B measures for mail servers.
As a countermeasure against OP25B (the ISP blocking outbound port 25) on the mail server, configure Postfix to send outgoing mail via Gmail.
Configure Postfix.
Configure Postfix.
[root@www ~]# 83_1vi /etc/postfix/main.cf
s84Append the following at the end of the file.
84_1relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_mechanism_filter = plain
s85Set your SMTP credentials. (The password typed on this command line is saved in the shell history; consider writing the file with an editor instead.)
[root@www ~]# 85_1echo [smtp.gmail.com]:587 <Gmail address>:<Gmail password> > /etc/postfix/sasl_passwd
s86Change the permissions so that users other than root cannot read the file.
[root@www ~]# 86_1chmod 640 /etc/postfix/sasl_passwd
s87Create a database of SMTP authentication information.
[root@www ~]# 87_1postmap /etc/postfix/sasl_passwd
s88Reload Postfix.
[root@www ~]# 88_1systemctl reload postfix
Forward mail addressed to root (using free mail).
Forward mail to root.
[root@www ~]# 89_1vi /etc/aliases
s90Append the following at the end of the file.
# Person who should get root's mail
#root: marc
90_1root: <forwarding email address>
s91Apply the alias settings.
[root@www ~]# 91_1newaliases
Email sending test.
Send test mail to root.
[root@www ~]# 92_1echo test|sendmail root
Email forwarding settings for Gmail.
First, configure Thunderbird’s Gmail (outgoing email) settings.
Thunderbird Gmail (outgoing mail) settings
s94Launch Thunderbird, open “Check blocked logins” with your outgoing email address, and click “Allow access to less secure apps”.
s95Log in to Gmail in your browser.
s96Right-click on the user icon in the upper right corner → “Manage Google Account” → “Security” → enable “Access for less secure apps”.
Receipt confirmation of mail addressed to root.
First, configure Thunderbird's Gmail (forwarding mail) settings.
Thunderbird Gmail (forwarding mail) settings
s98Confirm in Thunderbird (Gmail) that the mail forwarded from root arrived at the forwarding email address.
Install Dovecot.
Install Dovecot.
[root@www ~]# 98_1dnf -y install dovecot
s99Edit the file.
[root@www ~]# 99_1vi /etc/dovecot/dovecot.conf
s101Line 24: Remove the “#” at the beginning of the line to uncomment it.
protocols = imap pop3 lmtp submission
s102Line 30: Remove the “#” at the beginning of the line to uncomment it and change the settings to disable IPv6.
listen = *
s103Edit the file.
[root@www ~]# 103_1vi /etc/dovecot/conf.d/10-mail.conf
s104Line 31: Add the setting to set the mail storage format to Maildir format.
104_1mail_location = maildir:~/Maildir
s105Edit the file.
[root@www ~]# 105_1vi /etc/dovecot/conf.d/10-auth.conf
s106Line 11: Add the setting to allow plaintext authentication. (This is needed while SSL is still disabled; once SSL is enabled below, it can be set back to “yes” so that passwords are only accepted over an encrypted connection.)
106_1disable_plaintext_auth = no
s107Edit the file.
[root@www ~]# 107_1vi /etc/dovecot/conf.d/10-ssl.conf
s108Line 8: Change the setting to disable SSL connections for now (it is enabled again after the server certificate is obtained below).
ssl = 108_1no
s109Start Dovecot.
[root@www ~]# 109_1systemctl start dovecot
s110Set autostart.
[root@www ~]# 110_1systemctl enable dovecot
Open TCP110 or TCP143 port.
On the port check site, enter the host name (fedoraserver.jp) and the port number (110 or 143) and confirm that it is open.
Port check site
Adding mail users.
Add a user. (Example user: fedora)
[root@www ~]# 112_1useradd fedora
s113Set the user's password.
[root@www ~]# 113_1passwd fedora
Changing password for user fedora.
New UNIX password:
Retype new UNIX password:
Edit “/etc/ssh/sshd_config” to allow password authentication (instead of requiring private-key authentication) for the time being.
Edit sshd_config.
[root@www ~]# 114_1vi /etc/ssh/sshd_config
s115Line 65: Change from “no” to “yes”.
PasswordAuthentication 116_1yes
s117Restart SSH.
[root@www ~]# 117_1systemctl restart sshd
s118Open a new connection in TeraTerm as the user fedora.
Set up public key authentication for the SSH server connection again.
Setting up an SSH server public key authentication method connection
Check sendmail path.
Open the file.
[root@www ~]# 119_1vi /etc/postfix/main.cf
s120Line 665: Check the sendmail path.
sendmail_path = /usr/sbin/sendmail.postfix
Email software registration.
Launch Thunderbird and click Mail.
s122Enter your name, email address (fedora@fedoraserver.jp) and password, and click Continue.
s123Click “Manual Settings”.
| | Protocol | Server host name | Port number | SSL | Authentication method |
|---|---|---|---|---|---|
| Incoming server | POP3 | mail.fedoraserver.jp | 110 | No connection protection | Normal password authentication |
| Outgoing server | SMTP | mail.fedoraserver.jp | 587 | No connection protection | Normal password authentication |
s124Refer to the table above to configure the settings, and then click “Finish”.
s125Select “I understand the risks of connecting” and click “Finish”.
Obtaining a server certificate.
Install Certbot.
[root@www ~]# 126_1dnf -y install certbot
s127Get a certificate.
Document root: /var/www/html/
Email address: webmaster@fedoraserver.jp
Mail server name:mail.fedoraserver.jp
[root@www ~]# 127_1certbot certonly --webroot -w /var/www/html/ -m webmaster@fedoraserver.jp -d mail.fedoraserver.jp --agree-tos
s128Configure automatic certificate renewal.
[root@www ~]# 128_1vi /etc/cron.d/letsencrypt
s129Add the following. (Postfix and Dovecot also read this certificate, so they need to be restarted after a renewal as well.)
129_100 16 * * 2 root /usr/bin/certbot renew --post-hook "service httpd restart"
SSL settings.
Edit the file.
[root@www ~]# 130_1vi /etc/postfix/main.cf
s131Append the following at the end of the file.
131_1smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.fedoraserver.jp/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.fedoraserver.jp/privkey.pem
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
tls_high_cipherlist = kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES
smtp_tls_ciphers = high
smtpd_tls_ciphers = high
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
s132Edit the file.
[root@www ~]# 132_1vi /etc/postfix/master.cf
s133Line 19: Add “#” at the beginning of the line to comment it out and disable the SUBMISSION port.
133_1#submission inet n - n - - smtpd
s134Line 22: Add “#” at the beginning of the line to comment it out and disable SMTP authentication for the SUBMISSION port.
134_1# -o smtpd_sasl_auth_enable=yes
s135Line 33: Remove the “#” at the beginning of the line to uncomment and enable SMTPS.
smtps inet n - n - - smtpd
s136Line 35: Remove the “#” at the beginning of the line to uncomment it and enable SMTPS.
-o smtpd_tls_wrappermode=yes
s137Line 36: Remove the “#” at the beginning of the line to uncomment it and enable SMTPS.
-o smtpd_sasl_auth_enable=yes
s138Line 49: Remove the “#” at the beginning of the line to uncomment and enable SMTPS.
tlsmgr unix - - n 300 1 tlsmgr
s139Restart Postfix.
[root@www ~]# 139_1systemctl restart postfix
Open port TCP465.
Open TCP port 465 in your router settings. (Check the setting method according to your own environment.)
Port open test.
On the port check site, enter the host name (mail.fedoraserver.jp) and the port number (465) and confirm that it is open.
Port check site
Close TCP port 587.
Block TCP port 587 in your router settings. (Check the setting method according to your own environment.)
Port open test.
Edit the file.
[root@www ~]# 141_1vi /etc/dovecot/conf.d/10-ssl.conf
s142Line 8: Change the setting to enable SSL connection.
ssl = 142_1yes
s143Line 14: Specify the server certificate plus the intermediate certificate (the full chain).
ssl_cert = <143_1/etc/letsencrypt/live/mail.fedoraserver.jp/fullchain.pem
s144Line 15: Specify the private key.
ssl_key = <144_1/etc/letsencrypt/live/mail.fedoraserver.jp/privkey.pem
s145Restart Dovecot.
[root@www ~]# 145_1systemctl restart dovecot
Open port TCP995 or TCP993.
Open port TCP995 or TCP993 in your router settings. (Check the setting method according to your own environment.)
Port open test.
On the port check site, enter the host name (mail.fedoraserver.jp) and the port number (995 or 993) and confirm that it is open.
Port check site
Change email settings.
Launch Thunderbird, select your email address, and click “View settings for this account”.
s148Click Server Settings and select SSL/TLS under Secure Connection.
s149Click Outgoing (SMTP) Server, select your SMTP server, and click Edit.
s150Enter “465” in “Port number”, select “SSL/TLS” in “Connection security”, and click “OK”.
s154Click OK.
Cooperation with anti-virus software (Clamav + Amavisd).
Install Amavisd and Clamav Server.
[root@www ~]# 155_1dnf -y install amavisd-new clamd perl-Digest-SHA1 perl-IO-stringy
s156Edit the file.
[root@www ~]# 156_1vi /etc/amavisd/amavisd.conf
s157Line 23: Set the domain name.
$mydomain = 157_1'fedoraserver.jp';
s158Line 158: Remove the “#” at the beginning of the line to uncomment and set the mail server.
$myhostname = 158_1'mail.fedoraserver.jp';
s159Lines 163, 164: Remove the “#” at the beginning of the line to uncomment it.
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';
s160Edit the file.
[root@www ~]# 160_1vi /etc/clamd.d/scan.conf
s161Line 8: Add “#” at the beginning of the line to make it a comment.
161_1#Example
s162Line 14: Remove the “#” at the beginning of the line to uncomment it.
LogFile /var/log/clamd.scan
s163Line 77: Remove the “#” at the beginning of the line to uncomment it.
PidFile /var/run/clamd.scan/clamd.pid
s164Line 81: Remove the “#” at the beginning of the line to uncomment it.
TemporaryDirectory /var/tmp
s165Line 96: Remove the “#” at the beginning of the line to uncomment it.
LocalSocket /var/run/clamd.scan/clamd.sock
s166Create the log file and set its owner.
[root@www ~]# 166_1touch /var/log/clamd.scan
[root@www ~]# 166_2chown clamscan. /var/log/clamd.scan
s167Enable autostart and start the services.
[root@www ~]# 167_1systemctl enable --now clamd@scan amavisd
s168Edit the file.
[root@www ~]# 168_1vi /etc/postfix/main.cf
s169Append the following at the end of the file.
169_1content_filter=smtp-amavis:[127.0.0.1]:10024
s170Edit the file.
[root@www ~]# 170_1vi /etc/postfix/master.cf
s171Append the following at the end of the file.
171_1smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
s172Restart Postfix.
[root@www ~]# 172_1systemctl restart postfix