Postfix on FreeBSD

2014-02-19 (Wed) 03:49:29

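newaliases: where the db is written & where it is read from (2014/02/19)

Until now, running newaliases updated /etc/mail/aliases.db, and forwarding destinations were resolved from that file.

However, newaliases now appears to write its output to /etc/aliases.db.

This is because, unless the parameters are set explicitly in /usr/local/etc/postfix/main.cf, Postfix follows the entries in /usr/local/etc/postfix/main.cf.default:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases

Something I only learned recently (^^ゞ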

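Someone is sending spam to webmaster

so I want to

reject by sender address.

Listing sender addresses (the address given in MAIL FROM during the SMTP session, not the From: header line) or their domains makes Postfix reject the SMTP transaction.

Run the following commands as root.

Add smtpd_sender_restrictions to main.cf.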

# grep _sender main.cf
smtpd_sender_restrictions =
	reject_unknown_sender_domain
	reject_non_fqdn_sender hash:/etc/postfix/reject_sender
#

List the addresses and domains you want to shut out in /etc/postfix/reject_sender.

# cat /etc/postfix/reject_sender
twostep21.biz		REJECT
hoge.co.jp		REJECT
spammer@hogehoge.co.jp	REJECT
#

Rebuild the lookup table.

# /usr/local/postfix/postmap /etc/postfix/reject_sender
# ll /etc/postfix/reject_sender*
-rw-r--r--  1 root  wheel     50 Feb 22 15:29 /etc/postfix/reject_sender
-rw-r--r--  1 root  wheel  32768 Feb 22 15:30 /etc/postfix/reject_sender.db
#
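Which MAIL FROM addresses the table above actually catches can be checked before running postmap. The script below is an added example, not part of the original page: a simplified shell emulation of the access(5) search order (full address, then the domain and its parent domains, then `user@`), assuming the default parent_domain_matches_subdomains setting. The function names and the temporary sample file are made up for illustration; address extensions and the null sender are not handled.

```shell
#!/bin/sh
# Added example: emulate access(5) lookup order for an envelope sender
# against the text source of a reject_sender-style hash table.

# table_get KEY FILE: print the action stored for KEY, or return non-zero.
table_get() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }        # hash keys are matched in lower case
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        tolower($1) == key {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "") # drop the key, keep the action
            print; found = 1; exit
        }
        END { exit !found }' "$2"
}

# sender_action MAIL_FROM FILE: print the first matching action, else DUNNO.
sender_action() {
    addr=$1; file=$2
    user=${addr%@*}; d=${addr##*@}
    table_get "$addr" "$file" && return 0          # 1. user@domain
    while [ -n "$d" ]; do                          # 2. domain, then parents
        table_get "$d" "$file" && return 0
        case $d in
            *.*) d=${d#*.} ;;
            *)   d= ;;
        esac
    done
    table_get "${user}@" "$file" && return 0       # 3. user@
    echo DUNNO
}

# Constructed sample input: the three entries shown on this page.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
twostep21.biz		REJECT
hoge.co.jp		REJECT
spammer@hogehoge.co.jp	REJECT
EOF

for from in info@twostep21.biz a@mail.hoge.co.jp spammer@hogehoge.co.jp \
            other@hogehoge.co.jp user@example.org; do
    printf '%-26s %s\n' "$from" "$(sender_action "$from" "$sample")"
done
```

On a live system, `postmap -q KEY hash:/etc/postfix/reject_sender` checks a single exact key in the built table; it does not walk parent domains the way smtpd does.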

main.cf debug mail settings

The number of error mails has shot up lately, so...

#notify_classes = bounce,delay,policy,protocol,resource,software,2bounce
notify_classes = 2bounce,resource,software

postfix-2.8.7,1

Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y
# Fix compressed man pages
To enable postfix startup script please add postfix_enable="YES" in
your rc.conf

If you not need sendmail anymore, please add in your rc.conf:

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

And you can disable some sendmail specific daily maintenance routines in your
/etc/periodic.conf file:

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

If /etc/periodic.conf does not exist please create it and add those values.

If you are using SASL, you need to make sure that postfix has access to read
the sasldb file.  This is accomplished by adding postfix to group mail and
making the /usr/local/etc/sasldb* file(s) readable by group mail (this should
be the default for new installs).

If you are upgrading from Postfix 2.6 or earlier, review the RELEASE_NOTES to
familiarize yourself with new features and incompatabilities.
===> Correct pkg-plist sequence to create group(s) and user(s)
===>   Compressing manual pages for postfix-2.8.7,1
===>   Registering installation for postfix-2.8.7,1
===> SECURITY REPORT:
      This port has installed the following binaries which execute with
      increased privileges.
/usr/local/sbin/postdrop
/usr/local/sbin/postqueue

      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/postfix/nqmgr

Installing Postfix 2.4.5.1

# cd /usr/ports/mail/postfix
# make
[Image: Postfix-ports-options.png]
-lkrb -lcrypto -lcom_err -L/usr/local/lib/mysql -lmysqlclient -lz -lcrypt -lm -L/usr/local/lib -L/usr/local/pgsql/lib -lpq -lcrypt -L/usr/local/lib -lldap -llber -L/usr/local/lib -lcdb
/usr/bin/ld: cannot find -lkrb
*** Error code 1

Stop in /usr/ports/mail/postfix/work/postfix-2.4.5/src/master.
*** Error code 1

Stop in /usr/ports/mail/postfix/work/postfix-2.4.5.
*** Error code 1

Stop in /usr/ports/mail/postfix.
*** Error code 1

Stop in /usr/ports/mail/postfix.
*** Error code 1

Stop in /usr/ports/mail/postfix.
# rm -R work
# make rmconfig
[Image: PostfixPortsOptions.png]
# make
# make install
Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y
To enable postfix startup script please add postfix_enable="YES" in
your rc.conf

If you not need sendmail anymore, please add in your rc.conf:

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

And you can disable some sendmail specific daily maintenance routines in your
/etc/periodic.conf file:

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

If you are using SASL, you need to make sure that postfix has access to read
the sasldb file.  This is accomplished by adding postfix to group mail and
making the /usr/local/etc/sasldb* file(s) readable by group mail (this should
be the default for new installs).

If you are upgrading from postfix version prior to 2.0, please see the README
files for recommended changes to your configuration.
===> Installing rc.d startup script(s)

So I added the following to /etc/rc.conf:

postfix_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

Then, in /etc/defaults/, run

# cp periodic.conf periodic.conf-dist-sendamil-on

then

# vi /etc/periodic.conf

and put the following in it:

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

Once postfix is installed sendmail is no longer needed, so configure FreeBSD not to rebuild sendmail when running make world.
/etc/make.conf

# added by KUJI 2007-09-10 13:21:52
NO_SENDMAIL= true

/etc/mail/aliases

postfix: root

To stop log rotation for the original sendmail, edit /etc/newsyslog.conf and comment out this line:

#/var/log/sendmail.st			640  10	   *	168   B

/usr/local/etc/postfix/main.cf settings

# cp main.cf main.cf-dist

to keep a backup copy of the original.

queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
myhostname = tfc.thousand-winds.jp
mydomain = thousand-winds.jp
myorigin = $myhostname
#myorigin = $mydomain
#inet_interfaces = all
#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#	mail.$mydomain, www.$mydomain, ftp.$mydomain
mydestination = $myhostname, localhost.$mydomain

# REJECTING MAIL FOR UNKNOWN LOCAL USERS
unknown_local_recipient_reject_code = 550
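# mynetworks_style only sets the default for mynetworks;
# the explicit mynetworks below takes precedence.
mynetworks_style = host

mynetworks = 210.255.122.208/28, 127.0.0.0/8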

alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases

mail_spool_directory = /var/mail

debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no
# Appended at the end of the file
# Enable alias, forward, include
allow_mail_to_commands = alias,forward,include
# Enable debug mail
notify_classes = bounce,delay,policy,protocol,resource,software

/usr/local/etc/postfix/master.cf settings

Installing Pflogsumm

# cd /usr/ports/mail/pflogsumm
# make install

http://sakura.take-labo.jp/freebsd/mail_postfix_simple.html

