前回、Dovecot まで設定が終わったので、今日は最後に postfix の設定をしてサーバを完成させます。
今回のサーバではメールの配信ディレクトリを /var/vmail 、ユーザーは vuser, ユーザーID は 1000 にすることにします。
あらかじめ下記の要領でユーザーとグループ、ディレクトリを作っておきます。
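# Dedicated owner for the virtual mailboxes. uid/gid 1000 must match
# virtual_uid_maps / virtual_gid_maps (static:1000) in main.cf.
groupadd -g 1000 vuser
# The account only owns mail files and must never be usable interactively,
# so give it a non-login shell (/sbin/nologin on RHEL/CentOS; Debian-based
# systems use /usr/sbin/nologin).
useradd -g vuser -u 1000 -s /sbin/nologin vuser
mkdir /var/vmail
chown vuser:vuser /var/vmail
# 771: owner and group have full access, "other" may only traverse the
# directory. If no other uid has to reach paths below /var/vmail, 770 is
# the tighter choice.
chmod 771 /var/vmail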
以下、設定メモ。
† postfix 設定の編集
postfix の設定ファイルは /etc/postfix 以下にすべてまとまっています。
sendmail に比べれば設定ファイルが簡素なので助かります。
diff -u main.cf{.org,}
--- main.cf.org 2014-02-20 19:07:52.000000000 +0900
+++ main.cf 2014-05-31 15:50:56.229016475 +0900
@@ -74,13 +74,14 @@
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
+myhostname = host.example.com
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
-#mydomain = domain.tld
+mydomain = host.example.com
# SENDING MAIL
#
@@ -95,7 +96,7 @@
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
-#myorigin = $myhostname
+myorigin = $myhostname
#myorigin = $mydomain
# RECEIVING MAIL
@@ -110,10 +111,10 @@
#
# Note: you need to stop/start Postfix when this parameter changes.
#
-#inet_interfaces = all
+inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
-inet_interfaces = localhost
+#inet_interfaces = localhost
# Enable IPv4, and IPv6 if supported
inet_protocols = all
@@ -161,10 +162,11 @@
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
-mydestination = $myhostname, localhost.$mydomain, localhost
+#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
+mydestination = $myorigin
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
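Review bot: `mydestination = $myorigin` keeps host.example.com as a local(8) domain delivered to system accounts while the domains served from MySQL come in through `virtual_mailbox_domains`; if host.example.com is also a row in the `domain` table, Postfix warns that the domain is listed in both classes and the local class takes precedence, so virtual mailboxes for it would never be used. Either keep the hostname out of the MySQL domain table or, if mail to system accounts is not wanted at all, set `mydestination =` (empty) so that only the virtual domains are accepted. Note that `localhost` is no longer in mydestination after this hunk, so anything on the box that addresses mail to user@localhost would be bounced as a mail loop rather than delivered.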
@@ -293,7 +295,7 @@
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
-#relay_domains = $mydestination
+relay_domains = $mydestination
# INTERNET OR INTRANET
@@ -406,7 +408,7 @@
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
-#recipient_delimiter = +
+recipient_delimiter = +
# DELIVERY TO MAILBOX
#
@@ -416,7 +418,7 @@
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
-#home_mailbox = Maildir/
+home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
@@ -568,6 +570,7 @@
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
+smtpd_banner = $myhostname ESMTP unknown
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
@@ -674,3 +677,59 @@
# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
+
+
+# Added for vmail
+
+local_transport = local
+virtual_transport = virtual
+virtual_mailbox_base = /var/vmail
+virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
+virtual_alias_domains = $virtual_alias_maps
+virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
+virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
+virtual_minimum_uid = 1000
+virtual_uid_maps = static:1000
+virtual_gid_maps = static:1000
+
+maximal_backoff_time = 800s
+minimal_backoff_time = 100s
+bounce_queue_lifetime = 60m
+maximal_queue_lifetime = 60m
+
+mailbox_size_limit = 1024000000
+
+virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
+virtual_mailbox_limit_override = yes
+virtual_overquota_bounce = yes
+virtual_mailbox_limit_inbox = yes
+
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_sasl_local_domain = $myhostname
+smtpd_client_restrictions = reject_rbl_client b.barracudacentral.org
+smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+
+smtpd_tls_security_level = may
+smtp_tls_note_starttls_offer = yes
+smtp_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
+smtp_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
+smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
+smtp_tls_loglevel = 1
+
+smtpd_tls_security_level = may
+smtpd_tls_auth_only = yes
+smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
+smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
+smtpd_tls_loglevel = 1
+smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
+smtpd_tls_received_header = yes
+smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
+smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
+tls_random_source = dev:/dev/urandom
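Review bot: `smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem` and `smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem` serve 512-bit (export-grade) and 1024-bit DH groups, both too small to protect the TLS sessions that `smtpd_tls_auth_only = yes` relies on to keep SASL credentials off the wire; generate a 2048-bit group, point `smtpd_tls_dh1024_param_file` at it, and remove the export ciphers that use the 512-bit file with `smtpd_tls_exclude_ciphers = EXPORT, LOW`. The `virtual_mailbox_limit_maps`, `virtual_mailbox_limit_override`, `virtual_overquota_bounce` and `virtual_mailbox_limit_inbox` parameters exist only in the VDA-patched Postfix; a stock 2.6.6 build (which the `readme_directory` path suggests) ignores them and enforces no quota, so confirm which package is installed. `permit_mynetworks` in `smtpd_recipient_restrictions` depends on `mynetworks`, which this hunk leaves at its default; in Postfix 2.x that default trusts the whole attached subnet, so on a shared network set it explicitly, e.g. `mynetworks = 127.0.0.0/8 [::1]/128`.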
submission と smtps が使えるように master.cf も編集しておきます。
diff -u master.cf{.org,}
--- master.cf.org 2014-02-20 19:07:51.000000000 +0900
+++ master.cf 2014-05-31 12:49:26.231560671 +0900
@@ -9,14 +9,14 @@
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
-#submission inet n - n - - smtpd
+submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
-#smtps inet n - n - - smtpd
-# -o smtpd_tls_wrappermode=yes
-# -o smtpd_sasl_auth_enable=yes
+smtps inet n - n - - smtpd
+ -o smtpd_tls_wrappermode=yes
+ -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
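Review bot: `submission` and `smtps` are enabled while the `-o smtpd_client_restrictions=permit_sasl_authenticated,reject` lines (and, for submission, `-o smtpd_tls_security_level=encrypt`) stay commented, so both ports inherit the port-25 policy from main.cf, including `smtpd_client_restrictions = reject_rbl_client b.barracudacentral.org`, which is then applied to your own authenticating users. A user submitting from a listed address (dynamic ranges can be) is refused before AUTH is even attempted, while unauthenticated clients are still allowed to use the submission ports. Uncomment `-o smtpd_client_restrictions=permit_sasl_authenticated,reject` on both services and `-o smtpd_tls_security_level=encrypt` on submission (smtps already gets TLS from wrappermode) so that 587/465 accept only authenticated senders over an encrypted session; `smtpd_tls_auth_only = yes` in main.cf keeps credentials off plaintext but does not restrict who may talk to these ports.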
† mysql によるバーチャルユーザー用ファイルを追加
main.cf で書いた mysql_virtual_* というファイルを作成していきます。
####MYSQL_PASS#### はMySQL のパスワードに読み替えてください。
mysql_virtual_alias_maps.cf
# Postfix mysql lookup table for virtual_alias_maps (referenced from main.cf).
# Resolves a recipient address to its forwarding target(s); the legacy
# table/select_field/where_field form expands to
#   SELECT goto FROM alias WHERE address = '<lookup key>'
# This file holds the database password (####MYSQL_PASS#### is a placeholder),
# so keep it root:postfix mode 640; the postfix DB account only needs SELECT
# on the tables used by these map files.
user = postfix
password = ####MYSQL_PASS####
# "localhost" normally makes the client library use the local UNIX socket.
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
mysql_virtual_domains_maps.cf
# Postfix mysql lookup table for virtual_mailbox_domains (referenced from main.cf).
# A domain is accepted for virtual delivery when this query returns a row:
#   SELECT domain FROM domain WHERE domain = '<lookup key>' and active = '1'
# This file holds the database password (####MYSQL_PASS#### is a placeholder),
# so keep it root:postfix mode 640.
user = postfix
password = ####MYSQL_PASS####
hosts = localhost
dbname = postfix
table = domain
select_field = domain
where_field = domain
# Only active domains are served. NOTE(review): the alias and mailbox map
# files carry no such filter; if those tables also have an active column,
# a disabled alias or mailbox still receives mail — confirm against the schema.
additional_conditions = and active = '1'
mysql_virtual_mailbox_limit_maps.cf
# Postfix mysql lookup table for virtual_mailbox_limit_maps (referenced from main.cf):
#   SELECT quota FROM mailbox WHERE username = '<lookup key>'
# virtual_mailbox_limit_maps is a VDA (quota patch) parameter; a stock Postfix
# does not read it — confirm the installed build before relying on quotas.
# This file holds the database password (####MYSQL_PASS#### is a placeholder),
# so keep it root:postfix mode 640.
user = postfix
password = ####MYSQL_PASS####
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
mysql_virtual_mailbox_maps.cf
# Postfix mysql lookup table for virtual_mailbox_maps (referenced from main.cf):
#   SELECT maildir FROM mailbox WHERE username = '<lookup key>'
# The returned maildir value is taken relative to virtual_mailbox_base
# (/var/vmail in main.cf).
# This file holds the database password (####MYSQL_PASS#### is a placeholder),
# so keep it root:postfix mode 640.
user = postfix
password = ####MYSQL_PASS####
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
最後にこれらのファイルのパーミッションを変更しておきます。
MySQL のパスワードが書いてあるので忘れないようにしてください。
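# The map files hold the MySQL password: readable by root and the postfix
# group only. Absolute paths so the commands do not silently depend on the
# current directory being /etc/postfix (main.cf references them there).
chown root:postfix /etc/postfix/mysql_virtual_*
chmod 640 /etc/postfix/mysql_virtual_*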
あとはデーモンを再起動してやれば完成です。
今回のアーキテクチャだと Postfix は認証を Dovecot に依存しています。Dovecot は認証のためのバックエンドとして MySQL に依存しているので、MySQL や Dovecot が落ちていると Postfix が生きていても、このサーバはうまく動作しません。Dovecot も MySQL もこれまで何年も運用していてほとんど落ちたことがないデーモンなので特に問題はないと思いますが、このあたりいろいろと密結合なのがちょっと気になりますかね。
† 参考