Install postfix and dovecot on openSUSE 12.1 to build a mail server.
# zypper install --no-recommends postfix dovecot12
Loading repository data...
Reading installed packages...
'postfix' is already installed.
No update candidate for 'postfix-2.8.8-3.13.1.x86_64'. The highest available version is already installed.
Resolving package dependencies...
The following NEW package is going to be installed:
dovecot12
The following packages are recommended, but will not be installed:
dovecot12-backend-mysql dovecot12-backend-pgsql dovecot12-backend-sqlite
1 new package to install.
Overall download size: 2.6 MiB. After the operation, additional 14.4 MiB will
be used.
Continue? [y/n/?] (y): y
Retrieving package dovecot12-1.2.17-7.1.3.x86_64 (1/1), 2.6 MiB (14.4 MiB unpacked)
Retrieving: dovecot12-1.2.17-7.1.3.x86_64.rpm [done]
Installing: dovecot12-1.2.17-7.1.3 [done]
postfix was already installed.
The mail server built here has the following setup.
- SASL authentication is handled by dovecot
- Virtual mailboxes are used
- Encryption with SSL
- IMAP is used
Confirm that postfix supports dovecot SASL.
# postconf -a
cyrus
dovecot
Create a self-signed SSL certificate and private key.
# cd /etc/ssl/private
# openssl req -new -x509 -nodes -days 3650 -out mail.crt -keyout mail.key
Generating a 1024 bit RSA private key
.....++++++
...........................................++++++
writing new private key to 'mail.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:mail.lool.jp
Email Address []:
# chmod 600 mail.key
Next, create a user and group for the virtual mailboxes.
# groupadd -g 1001 vmail
# useradd -u 1001 -g 1001 -d /var/spool/vmail -r -s /sbin/nologin vmail
Create the virtual mailbox directory.
# mkdir /var/spool/vmail
# chown vmail:vmail /var/spool/vmail
# chmod 700 /var/spool/vmail
Edit /etc/postfix/main.cf.
setgid_group = maildrop
daemon_directory = /usr/lib/postfix
myhostname = mail.lool.jp
mydomain = lool.jp
myorigin = $mydomain
mydestination = $myhostname localhost.$mydomain localhost
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    permit_auth_destination,
    reject
debug_peer_level = 3
home_mailbox = Maildir/
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_gid_maps = static:1001
virtual_uid_maps = static:1001
virtual_mailbox_base = /var/spool/vmail
virtual_mailbox_domains = lool.jp
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
Define the virtual mailboxes in /etc/postfix/vmailbox.
mascotpark@lool.jp mascotpark/Maildir/
# cd /etc/postfix
# postmap vmailbox
Edit /etc/postfix/master.cf.
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
Next, edit /etc/dovecot/dovecot.conf.
protocols = imap imaps
protocol imap {
  listen = *:143
  ssl_listen = *:993
}
listen = *
# Refuse plaintext logins unless SSL/TLS is in use
disable_plaintext_auth = yes
ssl = yes
ssl_cert_file = /etc/ssl/private/mail.crt
ssl_key_file = /etc/ssl/private/mail.key
# Debug logging of SSL errors
verbose_ssl = yes
mail_location = maildir:/var/spool/vmail/%u/Maildir
# UID/GID of the vmail user created above
mail_uid = 1001
mail_gid = 1001
# Debug logging of mail process activity
mail_debug = yes
lock_method = fcntl
protocol imap {
  mail_plugin_dir = /usr/lib64/dovecot/modules/imap
}
# %Ln = lowercased user part of the login name, without the domain
auth_username_format = %Ln
auth default {
  mechanisms = cram-md5 login plain
  passdb passwd-file {
    args = scheme=CRAM-MD5 username_format=%u /etc/dovecot/passwd
  }
  user = root
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = postfix
      group = postfix
    }
    # Socket used by postfix (smtpd_sasl_path = private/dovecot-auth)
    client {
      path = /var/spool/postfix/private/dovecot-auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
dict {
}
plugin {
}
Create the /etc/dovecot/passwd file.
mascotpark:{CRAM-MD5}477934589a58e54b516c742aff2e8a77019df50f3b33f134385b875047370666
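An added example (not part of the original post): what each of the three mechanisms enabled by "mechanisms = cram-md5 login plain" puts on the wire. PLAIN and LOGIN are only base64 and decode straight back to the password, which is why disable_plaintext_auth = yes ties them to SSL/TLS, while CRAM-MD5 sends an HMAC-MD5 over a server challenge. The credentials are constructed, the challenge is the sample from RFC 2195, and the function names are this example's own.

```python
import base64
import hashlib
import hmac

def plain_initial_response(user, password):
    """AUTH PLAIN (RFC 4616): base64 of authzid NUL authcid NUL password."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def login_responses(user, password):
    """AUTH LOGIN: user name and password sent as two separate base64 strings."""
    return (base64.b64encode(user.encode()).decode(),
            base64.b64encode(password.encode()).decode())

def cram_md5_response(user, password, challenge_b64):
    """AUTH CRAM-MD5 (RFC 2195): base64 of 'user <hex HMAC-MD5(password, challenge)>'."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def recover_from_plain(response_b64):
    """What anyone who captures a PLAIN response can read back from it."""
    _authzid, user, password = base64.b64decode(response_b64).split(b"\0")
    return user.decode(), password.decode()

# Constructed credentials; the challenge is the sample from RFC 2195.
USER, PASSWORD = "tim", "tanstaaftanstaaf"
CHALLENGE = base64.b64encode(b"<1896.697170952@postoffice.reston.mci.net>").decode()

if __name__ == "__main__":
    plain = plain_initial_response(USER, PASSWORD)
    print("PLAIN    C:", plain, "-> decodes to", recover_from_plain(plain))
    print("LOGIN    C:", *login_responses(USER, PASSWORD))
    print("CRAM-MD5 S:", CHALLENGE)
    print("CRAM-MD5 C:", cram_md5_response(USER, PASSWORD, CHALLENGE))
```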
Restart the services.
# systemctl restart postfix.service
# systemctl restart dovecot.service
Configure the firewall.
Set the port numbers used by smtp and dovecot.
/etc/sysconfig/SuSEfirewall2.d/services/smtp
TCP="25 465 587"
/etc/sysconfig/SuSEfirewall2.d/services/dovecot
TCP="imap imaps pop3 pop3s sieve 4190"
Edit /etc/sysconfig/SuSEfirewall2 and restart the service.
FW_CONFIGURATIONS_EXT="sshd smtp dovecot"
# /sbin/SuSEfirewall2 stop
SuSEfirewall2: Firewall rules unloaded.
# /sbin/SuSEfirewall2 start
SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
SuSEfirewall2: using default zone 'ext' for interface eth0
SuSEfirewall2: Firewall rules successfully set
Use telnet to check that everything works.
# telnet localhost 25
EHLO localhost
250-mail.lool.jp
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:root
250 2.1.0 Ok
RCPT TO:mascotpark@lool.jp
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
TEST
.
250 2.0.0 Ok: queued as 6EC272003DA
quit
221 2.0.0 Bye
Connection closed by foreign host.
# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=CRAM-MD5 AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
x LOGIN mascotpark@lool.jp password
x OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
x LOGOUT
* BYE Logging out
x OK Logout completed.
Connection closed by foreign host.
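An added example (not part of the original post): a check of what a server advertises before TLS, run over the greetings captured above. Dovecot treats a connection from the local host as secure, so the localhost session still offers AUTH=PLAIN, AUTH=LOGIN and the LOGIN command despite disable_plaintext_auth = yes; the same check should be repeated against a greeting captured from another machine. The REMOTE_IMAP greeting and all function names are constructed for this example.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # credentials are only base64-encoded

def imap_capabilities(greeting):
    """Capability atoms from an IMAP greeting or tagged OK line."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", greeting)
    return set(m.group(1).upper().split()) if m else set()

def smtp_extensions(ehlo_reply):
    """Map each EHLO keyword to its parameters ('250-KEY args' / '250 KEY args')."""
    ext = {}
    for line in ehlo_reply.splitlines()[1:]:  # the first line is the host name
        m = re.match(r"250[- ](\S+)\s*(.*)", line.strip())
        if m:
            ext[m.group(1).upper()] = m.group(2).upper().split()
    return ext

def imap_findings(greeting):
    """Problems in a greeting received before any TLS negotiation."""
    caps = imap_capabilities(greeting)
    offered = {c[5:] for c in caps if c.startswith("AUTH=")} & PLAINTEXT_MECHS
    out = [] if "STARTTLS" in caps else ["STARTTLS not offered"]
    if offered:
        out.append("plaintext SASL offered before TLS: " + ",".join(sorted(offered)))
    if "LOGINDISABLED" not in caps:
        out.append("LOGIN command accepted before TLS")
    return out

def smtp_findings(ehlo_reply):
    """Problems in an EHLO reply received before STARTTLS."""
    ext = smtp_extensions(ehlo_reply)
    offered = set(ext.get("AUTH", [])) & PLAINTEXT_MECHS
    out = [] if "STARTTLS" in ext else ["STARTTLS not offered"]
    if offered:
        out.append("plaintext SASL offered before TLS: " + ",".join(sorted(offered)))
    return out

# Greeting copied from the localhost session above.
LOCAL_IMAP = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE "
              "STARTTLS AUTH=CRAM-MD5 AUTH=PLAIN AUTH=LOGIN] Dovecot ready.")
# Constructed: a greeting of the kind expected on a non-local connection.
REMOTE_IMAP = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=CRAM-MD5] Dovecot ready."
# EHLO reply from the port 25 session above, shortened to four lines.
LOCAL_EHLO = "250-mail.lool.jp\n250-PIPELINING\n250-STARTTLS\n250 DSN"

if __name__ == "__main__":
    print("IMAP localhost:", imap_findings(LOCAL_IMAP))
    print("IMAP remote   :", imap_findings(REMOTE_IMAP))
    print("SMTP localhost:", smtp_findings(LOCAL_EHLO))
```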