메뉴 건너뛰기

조회 수 10143 추천 수 0 댓글 0
?

단축키

Prev이전 문서

Next다음 문서

크게 작게 위로 아래로 댓글로 가기 인쇄
?

단축키

Prev이전 문서

Next다음 문서

크게 작게 위로 아래로 댓글로 가기 인쇄

참고사이트 :

https://www.exratione.com/2016/05/a-mailserver-on-ubuntu-16-04-postfix-dovecot-mysql/

 

기본 설정

 

이전글 : 우분투 16.04 서버 세팅

처럼 서버가 기본 세팅이 완료된 상태라고 가정하고 다음부터 적용된다.

 

SSL 설정

 

ssl cert 도메인명에 맞춰 재생성

 

apt-get install ssl-cert
make-ssl-cert generate-default-snakeoil --force-overwrite

 

Diffie-Helman Group conf 파일 생성

 

openssl dhparam -out /etc/ssl/private/dhparams.pem 2048
chmod 600 /etc/ssl/private/dhparams.pem

 

/etc/apache2/sites-available/mail.ddart.net.conf 추가

 

<VirtualHost *:80>
    ServerName mail.ddart.net
    ServerAdmin admin@ddart.net

    DocumentRoot /home/ddart/www/mail
    <Directory "/home/ddart/www/mail">
        Options FollowSymLinks
        AllowOverride All
    </Directory>

    AssignUserID ddart ddart
    ErrorLog ${APACHE_LOG_DIR}/mail.ddart.net-error.log
    CustomLog ${APACHE_LOG_DIR}/mail.ddart.net-access.log combined
</VirtualHost>

 

 

a2ensite mail.ddart.net

 

무료 SSL certificate 생성, 아파치conf 자동설정해주는 certbot 설치

 

apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-apache
certbot --apache

 

ssl 테스트 주소

https://www.ssllabs.com/ssltest/analyze.html?d=mail.ddart.net

 

certbot 이용방법
https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache.html

 

3개월마다 renewal 해줘야하는데 크론탭에 다음 명령 적절한 주기로 추가

 

certbot renew --dry-run

 

 

/etc/apache2/sites-available/mail.ddart.net-le-ssl.conf 수정

 

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName mail.ddart.net
    DocumentRoot /home/ddart/www/mail
    <Directory /home/ddart/www/mail>
        Options FollowSymLinks
        AllowOverride All
        SSLOptions +StdEnvVarS
        Require all granted
    </Directory>


    AssignUserID ddart ddart

 

 

 

/etc/apache2/mods-available/ssl.conf 에 다음 구문 추가

 

# Protect against Logjam attacks. See: https://weakdh.org
SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem"

 

apache restart

 

service apache2 restart

 

 

mail-server^ 패키지 설치

 

apt-get install mail-server^

 

설치 도중 묻는 질문에 Internet site 와 mail.ddart.net 이라 답한다.

 

mysql support 및 spam 방지 패키지 설치

 

apt-get install postfix-mysql dovecot-mysql postgrey amavis clamav  clamav-daemon spamassassin libdbi-perl libdbd-mysql-perl php7.0-imap

 

apache restart

 

service apache2 restart

 

스팸, 바이러스 감지 패키지들의 능력을 확장해줄 선택적 패키지 추가 설치

 

apt-get install pyzor razor arj cabextract lzop nomarch p7zip-full ripole rpm2cpio tnef unzip unrar-free zip zoo

 

MariaDB cnf 수정

/etc/mysql/mariadb.conf.d/50-server.cnf

[mysqld] 아래에

 

# This removes NO_ZERO_IN_DATE and NO_ZERO_DATE, which cause problems for   
# Postfix Admin code, from strict mode.
sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_

 

service mysql restart

 

db 생성 및 db user 추가

 

mysql> use mysql;
mysql> create database mail default character set utf8 collate utf8_general_ci;
mysql> create user mail@localhost identified by '비밀번호';
mysql> grant all privileges on mail.* to mail@localhost identified by '비밀번호';
mysql> flush privileges;

 

PostfixAdmin

 

설치

 

wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.93/postfixadmin-2.93.tar.gz
tar -xf postfixadmin-2.93.tar.gz
rm -f postfixadmin-2.93.tar.gz
mkdir /home/ddart/www/mail
mv postfixadmin-2.93 /home/ddart/www/mail/
ln -s /home/ddart/www/mail/postfixadmin-2.93 /home/ddart/www/mail/postfixadmin
chown -R ddart:ddart /home/ddart/www/mail

 

설정

 

config.local.php 파일을 새로 만들어 작성한다.

vi /home/ddart/www/mail/postfixadmin/config.local.php

 

<?php
// Configuration options here override those in config.inc.php.

// You have to set $CONF['configured'] = true; before the
// application will run.
$CONF['configured'] = true;

// Postfix Admin Path
// Set the location of your Postfix Admin installation here.
// YOU MUST ENTER THE COMPLETE URL e.g. http://domain.tld/postfixadmin
$CONF['postfix_admin_url'] = 'https://mail.example.com/postfixadmin';

// Database connection details.
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'mail';
$CONF['database_password'] = '비밀번호';
$CONF['database_name'] = 'mail';

// Site Admin
// Define the Site Admin's email address below.
// This will be used to send emails from to create mailboxes and
// from Send Email / Broadcast message pages.
// Leave blank to send email from the logged-in Admin's Email address.
$CONF['admin_email'] = 'admin@ddart.net';

// Mail Server
// Hostname (FQDN) of your mail server.
// This is used to send email to Postfix in order to create mailboxes.
$CONF['smtp_server'] = 'localhost';
$CONF['smtp_port'] = '25';

// Encrypt
// In what way do you want the passwords to be crypted?
// md5crypt = internal postfix admin md5
$CONF['encrypt'] = 'md5crypt';

// Default Aliases
// The default aliases that need to be created for all domains.
$CONF['default_aliases'] = array (
    'abuse' => 'admin@ddart.net',
    'hostmaster' => 'admin@ddart.net',
    'postmaster' => 'admin@ddart.net',
    'webmaster' => 'admin@ddart.net'
);

// Footer
// Below information will be on all pages.
// If you don't want the footer information to appear set this to 'NO'.
$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = 'Return to mail.ddart.net';
$CONF['footer_link'] = 'https://mail.ddart.net';

// Mailboxes
// If you want to store the mailboxes per domain set this to 'YES'.
// Examples:
//   YES: /usr/local/virtual/domain.tld/username@domain.tld
//   NO:  /usr/local/virtual/username@domain.tld
$CONF['domain_path'] = 'NO';
// If you don't want to have the domain in your mailbox set this to 'NO'.
// Examples:
//   YES: /usr/local/virtual/domain.tld/username@domain.tld
//   NO:  /usr/local/virtual/domain.tld/username
// Note: If $CONF['domain_path'] is set to NO, this setting will be forced to YES.
$CONF['domain_in_mailbox'] = 'YES';

// Specify '' for Dovecot and 'INBOX.' for Courier.
$CONF['create_mailbox_subdirs_prefix']='';

?>
 

 

 

https://mail.ddart.net/postfixadmin/setup.php 접속

 

setup 비번 설정후 나온 hash값

 

If you want to use the password you entered as setup password, edit config.inc.php or config.local.php and set

$CONF['setup_password'] = '해쉬값';

 

php 변수를 카피해 config.local.php 에 추가한다.

 

다시 setup.php 로 superadmin 계정을 만들고 나면 setup 완료

 

vi /home/ddart/www/mail/postfixadmin/.htaccess

 

<Files "setup.php">
deny from all
</Files>

로 setup.php disable 시킴

 

https://mail.ddart.net/postfixadmin/ 으로 로그인

 

Domain List -> New Domain 에서 ddart.net 추가

 

추가된 ddart.net 도메인 이름 클릭해서

Alias 메일 과 새로운 메일계정 추가. admin 메일계정도 'Add Mailbox' 에서 신규로 추가해줘야한다.

 

Virtual Mail 디렉토리 생성 및 관리할 유저 추가

 

useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual maildir handler" vmail
mkdir /var/vmail
chmod 770 /var/vmail
chown vmail:mail /var/vmail

 

Dovecot 설정

 

/etc/dovecot/dovecot-sql.conf.ext 파일을 열어 아래 처럼 수정한다

 

# Database driver: mysql, pgsql, sqlite
driver = mysql

#-------------------------------------------
connect = host=localhost dbname=mail user=mail password=mailpassword

#-------------------------------------------
password_query = \
  SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, \
  'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid \
  FROM mailbox WHERE username = '%u' AND active = '1'

#-------------------------------------------
user_query = \
  SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, \
  150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota \
  FROM mailbox WHERE username = '%u' AND active = '1'

 

 

/etc/dovecot/conf.d/10-auth.conf  열어 아래부분을 수정한다

 

#------------------------------
disable_plaintext_auth = yes

#------------------------------
auth_mechanisms = plain login

#------------------------------
#!include auth-system.conf.ext
!include auth-sql.conf.ext
 

 

/etc/dovecot/conf.d/10-mail.conf 열어 아래부분을 수정한다.

 

#mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_location = maildir:/var/vmail/%d/%n
#---------------------------------------
#mail_uid =
#mail_gid =
mail_uid = vmail
mail_gid = mail
#---------------------------------------
#first_valid_uid = 500
#last_valid_uid = 0
# Use the vmail user uid here.
first_valid_uid = 150
last_valid_uid = 150

 

uid 확인법

 

id vmail

 

/etc/dovecot/conf.d/10-ssl.conf 를 열어

 

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = yes
#---------------------------------------
#ssl_cert = </etc/dovecot/dovecot.pem
#ssl_key = </etc/dovecot/private/dovecot.pem

ssl_cert = </etc/letsencrypt/live/mail.ddart.net/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.ddart.net/privkey.pem
#---------------------------------------
# DH parameters length to use.
#ssl_dh_parameters_length = 1024
ssl_dh_parameters_length = 2048

# SSL protocols to use
#ssl_protocols = !SSLv2
ssl_protocols = !SSLv2 !SSLv3

# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA


# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no
ssl_prefer_server_ciphers = yes

 

/etc/dovecot/conf.d/10-master.conf 에서

 

 

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
    mode = 0666
    user = vmail
    group = mail
  }

  # Postfix smtp-auth
  #unix_listener /var/spool/postfix/private/auth {
  #  mode = 0666
  #}

  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    # Assuming the default Postfix user and group
    user = postfix
    group = postfix
  }

 

/etc/dovecot/conf.d/15-lda.conf

 

# Address to use when sending rejection mails.
# Default is postmaster@<your domain>. %d expands to recipient domain.
postmaster_address = postmaster@ddart.net

# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
# in LMTP replies. Default is the system's real hostname@domain.
hostname = mail

 

dovecot 소유, 퍼미션 조정

 

chown -R vmail:dovecot /etc/dovecot
chmod -R o-rwx /etc/dovecot

 

Amavis, ClamAV, and SpamAssassin 설정

 

사용자 그룹추가

 

adduser clamav amavis
adduser amavis clamav

 

/etc/clamav/clamd.conf

 

#AllowSupplementaryGroups false
AllowSupplementaryGroups true

 

/etc/amavis/conf.d/15-content_filter_mode 에 bypass 주석 제거

 

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Please note, that anti-spam checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:


@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;  # ensure a defined return

 

/etc/default/spamassassin

 

ENABLED=1
#---------------------------------
CRON=1

 

/etc/amavis/conf.d/50-user

 

use strict;
 
#
# Place your configuration directives here.  They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#
 
# Three concurrent processes. This should fit into the RAM available on an
# AWS micro instance. This has to match the number of processes specified
# for Amavis in /etc/postfix/master.cf.
$max_servers  = 3;
 
# Add spam info headers if at or above that level - this ensures they
# are always added.
$sa_tag_level_deflt  = -9999;
 
# Check the database to see if mail is for local delivery, and thus
# should be spam checked.
@lookup_sql_dsn = (
    ['DBI:mysql:database=mail;host=127.0.0.1;port=3306',
     'mail',
     '비밀번호']);
$sql_select_policy = 'SELECT domain from domain WHERE CONCAT("@",domain) IN (%k)';
 
# Uncomment to bump up the log level when testing.
# $log_level = 2;
 
#------------ Do not modify anything below this line -------------
1;  # ensure a defined return
 

 

ClamAV 데이터베이스 업데이트

 

freshclam

 

서비스 재시작

 

service clamav-daemon restart
service amavis restart
service spamassassin restart

 

Postfix 설정

 

아래 파일들 새로 생성

/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf

 

user = mail
password = mailpassword
hosts = 127.0.0.1
dbname = mail
query = SELECT goto FROM alias,alias_domain
  WHERE alias_domain.alias_domain = '%d'
  AND alias.address=concat('%u', '@', alias_domain.target_domain)
  AND alias.active = 1

 

/etc/postfix/mysql_virtual_alias_maps.cf

 

user = mail
password = mailpassword
hosts = 127.0.0.1
dbname = mail
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'

 

/etc/postfix/mysql_virtual_domains_maps.cf

 

user = mail
password = mailpassword
hosts = 127.0.0.1
dbname = mail
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'

 

/etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf

 

user = mail
password = mailpassword
hosts = 127.0.0.1
dbname = mail
query = SELECT maildir FROM mailbox, alias_domain
  WHERE alias_domain.alias_domain = '%d'
  AND mailbox.username=concat('%u', '@', alias_domain.target_domain )
  AND mailbox.active = 1

 

/etc/postfix/mysql_virtual_mailbox_maps.cf

 

user = mail
password = mailpassword
hosts = 127.0.0.1
dbname = mail
table = mailbox
select_field = CONCAT(domain, '/', local_part)
where_field = username
additional_conditions = and active = '1'

 

/etc/postfix/mysql_virtual_sender_login_maps.cf

 

user = mail
password = mailpassword
hosts = 127.0.0.1
dbname = mail
query = SELECT goto FROM alias WHERE address='%s'

 

/etc/postfix/header_checks

 

/^Received:/                 IGNORE
/^User-Agent:/               IGNORE
/^X-Mailer:/                 IGNORE
/^X-Originating-IP:/         IGNORE
/^x-cr-[a-z]*:/              IGNORE
/^Thread-Index:/             IGNORE

 

/etc/postfix/main.cf 설정

 

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# The first text sent to a connecting process.
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
readme_directory = no

# ---------------------------------
# SASL parameters
# ---------------------------------

# Use Dovecot to authenticate.
smtpd_sasl_type = dovecot
# Referring to /var/spool/postfix/private/auth
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = yes

# ---------------------------------
# TLS parameters
# ---------------------------------

# The default snakeoil certificate. Comment if using a purchased
# SSL certificate.
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.ddart.net/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.ddart.net/privkey.pem

# Uncomment if using a purchased SSL certificate.
# smtpd_tls_cert_file=/etc/ssl/certs/example.com.crt
# smtpd_tls_key_file=/etc/ssl/private/example.com.key

# The snakeoil self-signed certificate has no need for a CA file. But
# if you are using your own SSL certificate, then you probably have
# a CA certificate bundle from your provider. The path to that goes
# here.
# smtpd_tls_CAfile=/etc/ssl/certs/ca-bundle.crt

# Ensure we're not using no-longer-secure protocols.
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3

smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# Note that forcing use of TLS is going to cause breakage - most mail servers
# don't offer it and so delivery will fail, both incoming and outgoing. This is
# unfortunate given what various governmental agencies are up to these days.
#
# Enable (but don't force) all incoming smtp connections to use TLS.
smtpd_tls_security_level = may
# Enable (but don't force) all outgoing smtp connections to use TLS.
smtp_tls_security_level = may

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

# ---------------------------------
# TLS Updates relating to Logjam SSL attacks.
# See: https://weakdh.org/sysadmin.html
# ---------------------------------

smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem

# ---------------------------------
# SMTPD parameters
# ---------------------------------

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
# will it be a permanent error or temporary
unknown_local_recipient_reject_code = 450
# how long to keep message on queue before return as failed.
maximal_queue_lifetime = 7d
# max and min time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
# how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s
# how many address can be used in one message.
# effective stopper to mass spammers, accidental copy in whole address list
# but may restrict intentional mail shots.
smtpd_recipient_limit = 16
# how many error before back off.
smtpd_soft_error_limit = 3
# how many max errors before blocking it.
smtpd_hard_error_limit = 12

# This next set are important for determining who can send mail and relay mail
# to other servers. It is very important to get this right - accidentally producing
# an open relay that allows unauthenticated sending of mail is a Very Bad Thing.
#
# You are encouraged to read up on what exactly each of these options accomplish.

# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
# Requirements for the sender details. Note that the order matters.
# E.g. see http://jimsun.linxnet.com/misc/restriction_order_prelim-03.txt
smtpd_sender_restrictions = permit_mynetworks, reject_authenticated_sender_login_mismatch, permit_sasl_authenticated, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
# Requirements for the connecting server
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl
# Requirement for the recipient address. Note that the entry for
# "check_policy_service inet:127.0.0.1:10023" enables Postgrey.
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
smtpd_data_restrictions = reject_unauth_pipelining
# This is a new option as of Postfix 2.10, and is required in addition to
# smtpd_recipient_restrictions for things to work properly in this setup.
smtpd_relay_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit

# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes

# ---------------------------------
# General host and delivery info
# ----------------------------------

myhostname = mail.ddart.net
myorigin = /etc/hostname
# Some people see issues when setting mydestination explicitly to the server
# subdomain, while leaving it empty generally doesn't hurt. So it is left empty here.
# mydestination = mail.ddart.net, localhost
mydestination =
# If you have a separate web server that sends outgoing mail through this
# mailserver, you may want to add its IP address to the space-delimited list in
# mynetworks, e.g. as 10.10.10.10/32.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mynetworks_style = host

# This specifies where the virtual mailbox folders will be located.
virtual_mailbox_base = /var/vmail
# This is for the mailbox location for each user. The domainaliases
# map allows us to make use of Postfix Admin's domain alias feature.
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
# and their user id
virtual_uid_maps = static:150
# and group id
virtual_gid_maps = static:8
# This is for aliases. The domainaliases map allows us to make
# use of Postfix Admin's domain alias feature.
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
# This is for domain lookups.
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
# Used in conjunction with reject_authenticated_sender_login_mismatch to
# verify that the sender is sending with their own address, or with one
# of the aliases mapped to that address.
smtpd_sender_login_maps = mysql:/etc/postfix/mysql_virtual_sender_login_maps.cf

# ---------------------------------
# Integration with other packages
# ---------------------------------------

# Tell postfix to hand off mail to the definition for dovecot in master.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# Use amavis for virus and spam scanning
content_filter = amavis:[127.0.0.1]:10024

# ---------------------------------
# Header manipulation
# --------------------------------------

# Getting rid of unwanted headers. See: https://posluns.com/guides/header-removal/
header_checks = regexp:/etc/postfix/header_checks
# getting rid of x-original-to
enable_original_recipient = no
 

 

/etc/postfix/master.cf

 

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
 
# SMTP on port 25, unencrypted.
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
 
# SMTP with TLS on port 587. Currently commented.
#submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_enforce_tls=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
#  -o smtpd_sasl_tls_security_options=noanonymous
 
# SMTP over SSL on port 465.
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
 
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
 
# The next two entries integrate with Amavis for anti-virus/spam checks.
amavis      unix    -       -       -       -       3       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet    n       -       -       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
 
# Integration with Dovecot - hand mail over to it for local delivery, and
# run the process under the vmail user and mail group.
dovecot      unix   -        n      n       -       -   pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/dovecot-lda -d $(recipient)
 

 

모든 서비스 재시작 및 테스트

 

service postfix restart
service spamassassin restart
service clamav-daemon restart
service clamav-freshclam restart
service amavis restart
service dovecot restart
 

 

아웃룩으로 계정 추가해 테스트 한다.

설정 Advance 탭에서 POP3 에 SSL 체크하고 SMTP는 Auto 로 설정해야함.

웹메일, 모니터링 툴등은 다음에..

 


List of Articles
번호 제목 글쓴이 날짜 조회 수
62 해외 IP차단 DDART 2019.06.12 2465
61 터미널에서 backspace 키가 안눌러질때 DDART 2020.07.10 1895
60 저전력 홈서버 구축 DDART 2013.10.17 22978
59 작업순서 DDART 2013.07.08 21164
58 윈도우용 아파치에서 localhost 를 https로 띄우기 file DDART 2023.06.20 818
57 윈도우용 아파치 php 버전 동시에 2개이상 띄우기 DDART 2023.05.26 695
56 윈도우에서 우분투 MariaDB 10.5 로 SSL접속시 SEC_E_ALGORITHM_MISMATCH 오류 DDART 2021.09.14 6207
55 윈도우에서 우분투 22.04 MariaDB 서버 SSL접속시 SEC_E_ALGORITHM_MISMATCH 오류 DDART 2024.01.20 466
54 윈도우에서 우분투 20.04 MariaDB 서버 SSL접속시 SEC_E_ALGORITHM_MISMATCH 오류 DDART 2023.05.06 1142
53 윈도우10 아이콘이 제대로 표시 안될때 DDART 2023.11.08 482
52 윈도우 자동화관련 툴 DDART 2019.06.01 7185
51 윈도우 메일서버구축 DDART 2013.10.17 21532
50 윈도우 10에서 구글 어시스턴트 명령 DDART 2019.09.08 2102
49 윈도우 10 마이크로소프트 계정 PIN 없이 자동로그인 DDART 2020.09.16 1712
48 원격데스크톱 연결후 화면 사라짐현상, 특정 IP만 접속 허용 DDART 2023.05.04 1123
47 원격데스크톱 마이크로소프트 계정 자격증명 실패할때 DDART 2023.04.28 1196
46 우분투 파일시스템 이미지파일 만들기 DDART 2013.07.08 21465
45 우분투 서버 자동업데이트 DDART 2021.07.02 1382
44 우분투 서버 업데이트 후 자동 전원 대기모드 방지 DDART 2021.07.22 1747
43 우분투 22.04 메일서버 설정 DDART 2023.06.13 878
Board Pagination Prev 1 2 3 ... 4 Next
/ 4