#author("2023-09-24T10:27:35+09:00","default:kuji","kuji")
CONTENTS
#contents
----
Lastmodified &lastmod;
----
*SMTP認証 [#sa8edd4a]
【参考URL】[[FreeBSD 12 で自宅サーバ作成 メールサーバ編:https://qiita.com/Chun3/items/dc0e176c9de4f6b4bfb8]]~
【参考URL】[[Postfixのセキュリティ対策:https://www.criterion.sc/sub_notes/Postfix_Security.html]]~
【参考URL】[[FreeBSD、Apacheでサーバを構築して公開する:http://hobbit.ddo.jp/html/bsd.html]]
*cyrus-saslのインストール [#z2a3e92d]
SMTP認証にsasl認証を使用する。
# portinstall security/cyrus-sasl2
# portinstall security/cyrus-sasl2-saslauthd
* Postfix [#i229361a]
#ref(Postfix_show_config.PNG)
BLACKLISTD と SASL にチェック追加
===> Registering installation for postfix-3.8.2,1
Installing postfix-3.8.2,1...
===> Creating groups.
Using existing group 'mail'.
Creating group 'maildrop' with gid '126'.
Creating group 'postfix' with gid '125'.
===> Creating users
Creating user 'postfix' with uid '125'.
===> Creating homedir(s)
Adding user 'postfix' to group 'mail'.
===============================================================
Postfix was *not* activated in /usr/local/etc/mail/mailer.conf!
To finish installation run the following commands:
mkdir -p /usr/local/etc/mail
install -m 0644 /usr/local/share/postfix/mailer.conf.postfix /usr/local/etc/mail/mailer.conf
===============================================================
To use postfix instead of sendmail:
- clear sendmail queue and stop the sendmail daemons
Run the following commands to enable postfix during startup:
- sysrc postfix_enable="YES"
- sysrc sendmail_enable="NONE"
If postfix is *not* already activated in /usr/local/etc/mail/mailer.conf
- mv /usr/local/etc/mail/mailer.conf /usr/local/etc/mail/mailer.conf.old
- install -d /usr/local/etc/mail
- install -m 0644 /usr/local/share/postfix/mailer.conf.postfix /usr/local/etc/mail/mailer.conf
Disable sendmail(8) specific tasks,
add the following lines to /etc/periodic.conf(.local):
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
If you are using SASL, you need to make sure that postfix has access to read
the sasldb file. This is accomplished by adding postfix to group mail and
making the /usr/local/etc/sasldb* file(s) readable by group mail (this should
be the default for new installs).
===> SECURITY REPORT:
This port has installed the following binaries which execute with
increased privileges.
/usr/local/sbin/postlog
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/lib/postfix/libpostfix-util.so
If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.
For more information, and contact details about the security
status of this software, see the following webpage:
https://www.postfix.org/
make: don't know how to make clear. Stop
make: stopped in /usr/ports/mail/postfix
*dovecot [#xdbd1fd1]
# portinstall mail/dovecot
*起動 [#c7766114]
# service saslauthd start
Starting saslauthd.
# service postfix start
postfix/postfix-script: starting the Postfix mail system
# service dovecot start
Starting dovecot.
*SMTP-AUTH の確認 [#ybe2857a]
【参考URL】[[Postfix で SMTP-AUTH を実現:http://www.miloweb.net/smtpauth.html]]
SMTP-AUTH が正常に動作しているかを確認します。
具体的には Telnet で 25 番ポートにアクセスして確認します。
$ telnet localhost 25 <-- 入力し、エンター
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 www.miloweb.net ESMTP Postfix
EHLO localhost <-- EHLO localhostと入力
250-zdnet.hoge.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 <-- この行があればオッケーです
250 8BITMIME
QUIT <-- 確認できたので、QUITコマンドで切断します
もし「 250-AUTH PLAIN LOGIN 」と表示されていれば、SMTP-AUTH が上手く行っていないので、
Postfix のインストール手順を見直して、やり直さなければならない。
----
Total access &counter(total);:本日 &counter(today);:昨日 &counter(yesterday);
#counter([total|today|yesterday]);
![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
