More than 5 years have passed since last update.

PAM authentication with postfix and dovecot (POP before SMTP)

Last updated at Posted at 2014-08-25

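PAM authentication

Requirements

  • postfix alone has no POP before SMTP, so dovecot's functionality is used.
  • For PAM authentication, sasl_path must match between postfix and dovecot.
    • PAM authentication here means authenticating with the ID/password of a user account on the server.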

Package installation

Install
pacman -Sy postfix dovecot extra/cyrus-sasl
Copy the configuration
sudo cp /etc/dovecot/dovecot.conf{.sample,}

Configuration

/etc/postfix/main.cf
(omitted)
+ smtpd_sasl_type = dovecot
+ smtpd_sasl_path = private/auth
  smtpd_sasl_auth_enable = yes
  smtpd_sasl_security_options = noanonymous
  smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    permit_auth_destination,
    reject_rbl_client all.rbl.jp,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org,
    reject
(omitted)
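Review bot: in `smtpd_recipient_restrictions`, `permit_auth_destination` is listed before the three `reject_rbl_client` lines, so mail addressed to this server's own domains is accepted before any blocklist lookup, and the RBL checks only ever see mail that the final `reject` would refuse anyway. Moving `permit_auth_destination` below the `reject_rbl_client` lines, directly above `reject`, lets the blocklists apply to inbound mail while relaying stays limited to `permit_mynetworks` and `permit_sasl_authenticated`.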
/etc/dovecot/conf.d/customize.conf
  ssl = no
  
  protocols = imap pop3
  disable_plaintext_auth = no
  mail_location = maildir:~/Maildir
  
+ mail_privileged_group = mail
+ service auth {
+   unix_listener /var/spool/postfix/private/auth {
+     group = postfix
+     mode = 0660
+     user = postfix
+   }
+ }
+ 
+ passdb {
+   driver = pam
+   args = %s
+ }
+ userdb {
+   driver = passwd
+ }
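Review bot: the unchanged lines at the top of this file, `ssl = no` and `disable_plaintext_auth = no`, combine with the added `passdb { driver = pam }` so that IMAP and POP3 clients send system account passwords over the network unencrypted. PAM needs the plaintext password, so the protection has to come from the transport: set `ssl = required` and `disable_plaintext_auth = yes`, keeping the `unix_listener` for postfix as it is.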

SMTP TLS support

  • When adding an SMTP server from Gmail, the server must support TLS.

Key generation

% mkdir /etc/postfix/tls && cd /etc/postfix/tls
# Create the private key (enter a passphrase at "Enter PEM pass phrase:")
% openssl genrsa -des3 2048 > localhost.key
# Remove the passphrase from the private key (prompt: "Enter pass phrase for private/localhost.key:")
% openssl rsa -in localhost.key -out localhost.key
# Create the site certificate
% openssl req -new -x509 -key localhost.key -out localhost.crt -days 7300

-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []: 
Organization Name (eg, company) [Internet Widgits Pty Ltd]: MY COMPANY
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:mydomain.co.jp
Email Address []:

% ls -lh
-rw-r--r-- 1 root root 1.3K  9月 29 07:28 localhost.crt
-rw-r--r-- 1 root root 1.7K  9月 29 07:27 localhost.key

postfix configuration

% cd /etc/postfix/
% touch smtpd_tls_scache
% vim main.cf
Add to main.cf
# Enable TLS
smtpd_use_tls = yes
# Private key file
smtpd_tls_key_file = /etc/postfix/tls/localhost.key
# Certificate file
smtpd_tls_cert_file = /etc/postfix/tls/localhost.crt
master.cf
submission inet n       -       n       -       -       smtpd
#  -o syslog_name=postfix/submission
-#  -o smtpd_tls_security_level=may
+   -o smtpd_tls_security_level=may
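Review bot: `-o smtpd_tls_security_level=may` on the `submission` service leaves STARTTLS optional, so a client can still issue AUTH and send its PAM password in cleartext on the port intended for authenticated users. Use `-o smtpd_tls_security_level=encrypt` for submission, and set `smtpd_tls_auth_only = yes` in main.cf so that AUTH is not offered before STARTTLS on port 25 either.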

postfix restart

systemctl restart postfix
journalctl -u postfix -f
journalctl -u postfix --since=today
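
As an added example (not part of the original article), the shell functions below audit copies of the files edited above for settings that let PAM account passwords cross the network unencrypted, and for a TLS private key that other local users can access, as in the `ls -lh` output above. The function names, finding labels and sample files are constructed for illustration; `smtpd_tls_auth_only` is a Postfix parameter the article does not set.

```shell
#!/bin/sh
# Added example: audit copies of the files this article edits.
# Simplification: only top-level "key = value" lines are read; master.cf
# "-o" overrides and dovecot per-protocol blocks are not evaluated.

# conf_value FILE KEY: print the last value assigned to KEY (last one wins).
conf_value() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0 }
        END { print v }' "$1"
}

# audit_mail_auth MAIN_CF DOVECOT_CONF KEY_FILE: print space-separated findings.
audit_mail_auth() {
    main_cf=$1 dovecot_conf=$2 key=$3 findings=""
    # PAM passwords accepted over unencrypted IMAP/POP3
    [ "$(conf_value "$dovecot_conf" disable_plaintext_auth)" = "no" ] &&
        findings="$findings dovecot-plaintext-auth"
    [ "$(conf_value "$dovecot_conf" ssl)" = "no" ] &&
        findings="$findings dovecot-ssl-off"
    # SMTP AUTH enabled but not restricted to TLS sessions
    [ "$(conf_value "$main_cf" smtpd_sasl_auth_enable)" = "yes" ] &&
        [ "$(conf_value "$main_cf" smtpd_tls_auth_only)" != "yes" ] &&
        findings="$findings smtp-auth-without-tls"
    # Group/other permission bits are characters 5-10 of the ls -l mode string
    [ "$(ls -ld "$key" | cut -c5-10)" != "------" ] &&
        findings="$findings key-accessible-by-others"
    echo "${findings# }"
}

# Constructed sample files that reproduce the article's settings.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'smtpd_sasl_type = dovecot' 'smtpd_sasl_auth_enable = yes' \
        'smtpd_use_tls = yes' > "$d/main.cf"
    printf '%s\n' 'ssl = no' 'disable_plaintext_auth = no' > "$d/customize.conf"
    : > "$d/localhost.key"
    chmod 644 "$d/localhost.key"
    audit_mail_auth "$d/main.cf" "$d/customize.conf" "$d/localhost.key"
    rm -rf "$d"
}

demo
```

Against the real files it would be called as `audit_mail_auth /etc/postfix/main.cf /etc/dovecot/conf.d/customize.conf /etc/postfix/tls/localhost.key`; an empty result means none of the four conditions was found.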