

Last modified 2023-10-17 (Tue) 15:31:56


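SMTP Authentication

[Reference URL] Building a home server with FreeBSD 12: mail server edition
[Reference URL] Postfix security measures
[Reference URL] Building and publishing a server with FreeBSD and Apache

Installing cyrus-sasl

SASL authentication is used for SMTP authentication.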

# portinstall security/cyrus-sasl2
# portinstall security/cyrus-sasl2-saslauthd

Postfix

Postfix_show_config.PNG

Check (enable) BLACKLISTD and SASL.

===>   Registering installation for postfix-3.8.2,1
Installing postfix-3.8.2,1...
===> Creating groups.
Using existing group 'mail'.
Creating group 'maildrop' with gid '126'.
Creating group 'postfix' with gid '125'.
===> Creating users
Creating user 'postfix' with uid '125'.
===> Creating homedir(s)
Adding user 'postfix' to group 'mail'.

===============================================================
Postfix was *not* activated in /usr/local/etc/mail/mailer.conf!

To finish installation run the following commands:

  mkdir -p /usr/local/etc/mail
  install -m 0644 /usr/local/share/postfix/mailer.conf.postfix /usr/local/etc/mail/mailer.conf
===============================================================

To use postfix instead of sendmail:
  - clear sendmail queue and stop the sendmail daemons

Run the following commands to enable postfix during startup:
  - sysrc postfix_enable="YES"
  - sysrc sendmail_enable="NONE"

If postfix is *not* already activated in /usr/local/etc/mail/mailer.conf
  - mv /usr/local/etc/mail/mailer.conf /usr/local/etc/mail/mailer.conf.old
  - install -d /usr/local/etc/mail
  - install -m 0644 /usr/local/share/postfix/mailer.conf.postfix /usr/local/etc/mail/mailer.conf

Disable sendmail(8) specific tasks,
add the following lines to /etc/periodic.conf(.local):
  daily_clean_hoststat_enable="NO"
  daily_status_mail_rejects_enable="NO"
  daily_status_include_submit_mailq="NO"
  daily_submit_queuerun="NO"

If you are using SASL, you need to make sure that postfix has access to read
the sasldb file.  This is accomplished by adding postfix to group mail and
making the /usr/local/etc/sasldb* file(s) readable by group mail (this should
be the default for new installs).

===> SECURITY REPORT:
      This port has installed the following binaries which execute with
      increased privileges.
/usr/local/sbin/postlog

      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/lib/postfix/libpostfix-util.so

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
https://www.postfix.org/
make: don't know how to make clear. Stop

make: stopped in /usr/ports/mail/postfix

dovecot

# portinstall mail/dovecot

Starting the services

# service saslauthd start
Starting saslauthd.

# service postfix start
postfix/postfix-script: starting the Postfix mail system

# service dovecot start
Starting dovecot.

Verifying SMTP-AUTH

[Reference URL] Implementing SMTP-AUTH with Postfix

Verify that SMTP-AUTH is working correctly. Specifically, connect to port 25 with Telnet and check the response.

$ telnet localhost 25 <-- type this and press Enter
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 www.miloweb.net ESMTP Postfix
EHLO localhost <-- type EHLO localhost
250-zdnet.hoge.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 <-- if this line is present, everything is OK
250 8BITMIME
QUIT <-- the check is done, so disconnect with the QUIT command

If "250-AUTH PLAIN LOGIN" is displayed, SMTP-AUTH is not working properly, so you must review the Postfix installation procedure and redo it.
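
As an added example (not part of the original page), the shell functions below automate the check described above: they parse an EHLO reply and report which of the expected mechanisms are missing from the 250-AUTH line. The function names auth_mechs and missing_mechs and the sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: check the AUTH line of an EHLO reply.

# auth_mechs: read an EHLO reply on stdin and print the advertised SASL
# mechanisms, upper-cased and space-separated, in the order the server lists them.
# Accepts "250-AUTH ...", a final "250 AUTH ..." and the legacy "250-AUTH=..." form.
auth_mechs() {
    tr -d '\r' | awk '
        toupper($0) ~ /^250[- ]AUTH[ =]/ {
            line = toupper(substr($0, 5))        # drop the "250-" or "250 " prefix
            sub(/^AUTH[ =]/, "", line)
            n = split(line, m, " ")
            for (i = 1; i <= n; i++)
                if (!(m[i] in seen)) {
                    seen[m[i]] = 1
                    sep = (out == "") ? "" : " "
                    out = out sep m[i]
                }
        }
        END { print out }'
}

# missing_mechs MECH...: read an EHLO reply on stdin and print the expected
# mechanisms the server does NOT advertise. Exit status 0 means none are missing.
missing_mechs() {
    have=" $(auth_mechs) "
    missing=""
    for want in "$@"; do
        case $have in
            *" $want "*) ;;
            *) missing="$missing${missing:+ }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Constructed sample replies (the first mirrors the transcript above).
REPLY_OK='250-zdnet.hoge.org
250-PIPELINING
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250 8BITMIME'
REPLY_SHORT='250-mail.example.test
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME'

EXPECTED="PLAIN LOGIN DIGEST-MD5 CRAM-MD5"   # the line the page treats as OK
for r in "$REPLY_OK" "$REPLY_SHORT"; do
    if m=$(printf '%s\n' "$r" | missing_mechs $EXPECTED); then echo "OK"; else echo "missing: $m"; fi
done
```

To check a running server, save its EHLO reply to a file and pipe that file into missing_mechs with the mechanisms you expect.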

