走り書きモード Postfixについては追記します。 ↓のconfも変更される可能性大です(パーミッションとか)
sslについては https://mozilla.github.io/server-side-tls/ssl-config-generator/ を全面的に参考にしました。
なお、使用しているOSはFreeBSDですのでLinuxの方はパスを読み替えて下さいね。
dovecot.conf
disable_plaintext_auth = no
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
pop3_uidl_format = %v-%u
protocols = imap pop3
ssl_cert = </usr/local/etc/letsencrypt/live/<FQDN>/fullchain.pem
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
ssl_dh = </usr/local/etc/dovecot/dh.pem
ssl_key = </usr/local/etc/letsencrypt/live/<FQDN>/privkey.pem
ssl_min_protocol = TLSv1.2
userdb {
driver = passwd
}
Postfix3.5 -走り書き-
#postconf -n で抜いてきた設定。
余談だがサードパーティーのソフト(トレンドマイクロのソフトなど)がPostfixを拡張した場合などにその設定がpostconf -nで表示されない場合があるので「同じ設定のサーバを作りたい」などの時には注意する。
main.cf
alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
command_directory = /usr/local/sbin
compatibility_level = 2
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
meta_directory = /usr/local/libexec/postfix
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, www.$mydomain, ml.$mydomain
mydomain = <ドメイン名>
myhostname = <FQDN> ←外から引いても問題なく引けるホスト名
mynetworks = <IPアドレス群>
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
owner_request_special = no
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/etc/letsencrypt/live/<FQDN>/fullchain.pem
smtpd_tls_dh1024_param_file = /usr/local/etc/postfix/dh.pem
smtpd_tls_key_file = /usr/local/etc/letsencrypt/live/<FQDN>/privkey.pem
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = no
unknown_local_recipient_reject_code = 550