» Linux ディストリビューション » CentOS » Postfix

メールサーバーを構築する(Postfix - SMTP)

 メールサーバーを構築するときによく使用されるパッケージとして、Sendmail というパッケージがありますが、Wietse Venema 氏が Sendmail との置き換えを目的に開発した Postfix というパッケージも存在します。 Postfix は、Sendmail より安全かつ高速と言われていますが、メールサーバーとしての利用目的やシステムの構築状況などによっては賛否両論があると思います。


MTA サービスとして Postfix を利用するとき、MTA プログラムが Sendmail に設定されていると、システムの起動・停止時にエラーが発生しますので注意して下さい。

パッケージのインストール

 メールサーバーパッケージは、yum コマンドを使用してインストールします。

[root@web ~]# yum install postfix

[ CentOS 6 / CentOS 5 ]

パッケージインストール後の設定

 Postfix に関する設定を変更します。

[root@web ~]# vi /etc/postfix/main.cf

# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
# ホスト名の設定
myhostname = web.i2kt.com

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
# ドメイン名の設定
mydomain = i2kt.com

# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites.  If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
# メールドメインの設定
myorigin = $mydomain

# RECEIVING MAIL

# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on.  By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
# メール受信インターフェースの設定
inet_interfaces = all
          :
        ( 中略 )
          :
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain.  On a mail domain
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
# 内部メールと判断するメールドメインの設定
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
          :
        ( 中略 )
          :
# TRUST AND RELAY CONTROL

# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix.  See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network.  Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
# リレーするネットワークの設定
mynetworks_style = subnet

# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
# 内部ネットワークアドレスとホストアドレスを指定
mynetworks = 192.168.0.0/24, 127.0.0.0/8

# The relay_domains parameter restricts what destinations this system will
# relay mail to.  See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
#   subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace.  Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
# リレーするドメインの設定
relay_domains = $mydestination
          :
        ( 中略 )
          :
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user.  Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
# メールボックス格納形式の設定
home_mailbox = Maildir/
          :
        ( 中略 )
          :
# SMTP-AUTH(SASL の有効化)
smtpd_sasl_auth_enable = yes [ yes : 有効 | no : 無効 ]
smtpd_sasl_local_domain = $mydomain
# 不正中継の拒否・リレー制限の設定
smtpd_recipient_restrictions = permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               reject_invalid_hostname,
                               reject_non_fqdn_hostname,
                               reject_non_fqdn_sender,
                               reject_non_fqdn_recipient,
                               reject_unknown_sender_domain,
                               reject_unknown_recipient_domain,
                               reject_rbl_client cbl.abuseat.org,
                               reject_rbl_client list.dsbl.org,
                               reject_rbl_client sbl.spamhaus.org,
                               reject_rbl_client pbl.spamhaus.org
                               permit

[ CentOS 6 / CentOS 5 ]

メールサーバーの起動

 パッケージをインストールした段階では、セキュリティを考慮しているため自動起動されません。 システムの再起動後にメールサーバーを自動起動するための設定を行います。

 なお、メールサーバーを起動する前に、手動で MTA サービス(Sendmail)の停止、利用する MTA プログラムの変更を行います。

MTA サービス(Sendmail)を停止する

[root@web ~]# /etc/rc.d/init.d/sendmail stop

sm-client を停止中:                                        [  OK  ]
sendmail を停止中:                                         [  OK  ]

MTA サービス(Sendmail)の自動起動を解除する

[root@web ~]# chkconfig sendmail off

[root@web ~]# chkconfig --list sendmail

sendmail        0:off   1:off   2:off   3:off   4:off   5:off   6:off

MTA プログラムを変更する

[root@web ~]# alternatives --config mta


2 プログラムがあり 'mta' を提供します。

  選択       コマンド
-----------------------------------------------
*+ 1           /usr/sbin/sendmail.sendmail
   2           /usr/sbin/sendmail.postfix

Enter を押して現在の選択 [+] を保持するか、選択番号を入力します:2 [ 1 : Sendmail | 2 : Postfix ]

[ CentOS 5 ]


メールサーバーを起動する

[root@web ~]# /etc/rc.d/init.d/postfix start

postfix を起動中:                                          [  OK  ]

メールサーバーの自動起動を設定する

[root@web ~]# chkconfig postfix on

[root@web ~]# chkconfig --list postfix

postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off

[ CentOS 6 / CentOS 5 ]