Index

  1. Preparation before installing Postfix
  2. Installing Postfix
  3. Basic main.cf settings
  4. SASL configuration
  5. TLS configuration
  6. Virtual domain configuration
  7. Starting Postfix

Preparation before installing Postfix

Adding the user and groups

(Create the groups first; useradd -g 110 fails if group 110 does not exist yet)
# groupadd -g 110 postfix
# groupadd -g 111 postdrop
# useradd -u 110 -g 110 -s /bin/false postfix

Cyrus is used for SASL and Courier-IMAP for POP/IMAP, so uninstall dovecot beforehand.

# yum remove dovecot

Installing Postfix

$ tar zxf postfix-2.4.6.tar.gz
$ cd postfix-2.4.6
$ make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -DUSE_TLS -I/usr/include/sasl" AUXLIBS="-lsasl2 -lssl -lcrypt"
$ make
$ sudo make install
(Press Enter to accept the default at almost every prompt)
Please specify the prefix for installed file names. Specify this ONLY
if you are building ready-to-install packages for distribution to other
machines.
install_root: [/]

Please specify a directory for scratch files while installing Postfix. You
must have write permission in this directory.
tempdir: [/usr/local/src/postfix-2.4.6] /tmp/postfix-2.4.6

Please specify the final destination directory for installed Postfix
configuration files.
config_directory: [/etc/postfix] 

Please specify the final destination directory for installed Postfix
daemon programs. This directory should not be in the command search path
of any users.
daemon_directory: [/usr/libexec/postfix] 

Please specify the final destination directory for installed Postfix
administrative commands. This directory should be in the command search
path of adminstrative users.
command_directory: [/usr/sbin] 

Please specify the final destination directory for Postfix queues.
queue_directory: [/var/spool/postfix] 

Please specify the final destination pathname for the installed Postfix
sendmail command. This is the Sendmail-compatible mail posting interface.
sendmail_path: [/usr/sbin/sendmail] 

Please specify the final destination pathname for the installed Postfix
newaliases command. This is the Sendmail-compatible command to build
alias databases for the Postfix local delivery agent.
newaliases_path: [/usr/bin/newaliases] 

Please specify the final destination pathname for the installed Postfix
mailq command. This is the Sendmail-compatible mail queue listing command.
mailq_path: [/usr/bin/mailq] 

Please specify the owner of the Postfix queue. Specify an account with
numerical user ID and group ID values that are not used by any other
accounts on the system.
mail_owner: [postfix] 

Please specify the group for mail submission and for queue management
commands. Specify a group name with a numerical group ID that is
not shared with other accounts, not even with the Postfix mail_owner
account. You can no longer specify "no" here.
setgid_group: [postdrop] 

Please specify the destination directory for the Postfix HTML
files. Specify "no" if you do not want to install these files.
html_directory: [no] 

Please specify the destination directory for the Postfix on-line manual
pages. You can no longer specify "no" here.
manpage_directory: [/usr/local/man] 

Please specify the destination directory for the Postfix README
files. Specify "no" if you do not want to install these files.
readme_directory: [no] 

Basic main.cf settings

$ vi /etc/postfix/main.cf
myhostname = mail.example.com
mydomain = example.com
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, $mydomain
mynetworks = 192.168.0.0/26, 127.0.0.0/8
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
home_mailbox = Maildir/

Add settings such as the ones above.

SASL configuration

# vi /usr/lib/sasl2/smtpd.conf
pwcheck_method: auxprop
# vi /etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_client = no

Creating, deleting, and listing users

(Create)
# saslpasswd2 -c -u `postconf -h myhostname` USER_NAME

(Delete)
# saslpasswd2 -d -u `postconf -h myhostname` USER_NAME

(List)
# sasldblistusers2

Changing the permissions of the user/password database file

# chgrp postfix /etc/sasldb2
# chmod 640 /etc/sasldb2

TLS configuration

# vi /etc/postfix/main.cf
smtpd_tls_cert_file = /usr/local/certs/server.crt
smtpd_tls_key_file = /usr/local/certs/server.key
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
tls_random_source = dev:/dev/urandom
# vi /etc/postfix/master.cf

(Uncomment the following lines to enable them)

submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
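
Added example (not part of the original page): a shell check for two points in the SASL and TLS sections above. With smtpd_sasl_auth_enable = yes in main.cf and smtpd_tls_auth_only left at its default, the port 25 service offers AUTH before STARTTLS, and the sasldb2 file should not be accessible to other users. The function names, the scratch directory, and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. On a live host,
# `postconf -h PARAM` reports the effective value instead of cf_get.

# Print a main.cf parameter (last definition wins; single-line values only).
cf_get() {  # usage: cf_get FILE PARAM
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one WARN line per finding; print nothing when every check passes.
audit_mail_auth() {  # usage: audit_mail_auth MAIN_CF SASLDB
    if [ "$(cf_get "$1" smtpd_sasl_auth_enable)" = "yes" ]; then
        # Default is "no": AUTH is then also offered before STARTTLS.
        [ "$(cf_get "$1" smtpd_tls_auth_only)" = "yes" ] ||
            echo "WARN: smtpd_tls_auth_only is not yes; AUTH is offered without TLS"
        # An unset value is fine because the Postfix default is noanonymous.
        case "$(cf_get "$1" smtpd_sasl_security_options)" in
            ""|*noanonymous*) ;;
            *) echo "WARN: smtpd_sasl_security_options lacks noanonymous" ;;
        esac
    fi
    # Characters 8-10 of the ls mode string are the permissions for "other".
    perms=$(ls -ld "$2" 2>/dev/null | cut -c1-10)
    case "$perms" in
        "") echo "WARN: cannot read permissions of $2" ;;
        ???????---) ;;
        *) echo "WARN: $2 is $perms; expected no access for other (e.g. 640)" ;;
    esac
}

# Constructed sample: SASL/TLS lines from this page in a scratch directory,
# plus an empty stand-in for /etc/sasldb2 left world-readable.
demo=$(mktemp -d)
cat > "$demo/main.cf" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_use_tls = yes
EOF
: > "$demo/sasldb2"
chmod 644 "$demo/sasldb2"
audit_mail_auth "$demo/main.cf" "$demo/sasldb2"
```

On the sample this prints two warnings; adding smtpd_tls_auth_only = yes to main.cf and setting the file to mode 640 clears both.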

Virtual domain configuration

# vi /etc/postfix/main.cf
virtual_alias_maps = hash:/etc/postfix/virtual
# vi /etc/postfix/virtual
virtual.domain.com anything
USER@virtual.domain.com USER
# postmap /etc/postfix/virtual
# /usr/sbin/postfix reload

Starting Postfix

# /usr/sbin/postfix start