Postfix\u3084Dovecot\u306e\u8a2d\u5b9a\u306b\u3064\u3044\u3066\u69d8\u3005\u306a\u30b5\u30a4\u30c8\u3092\u53c2\u8003\u306b\u3057\u306a\u304c\u3089\u6614\u7d44\u307f\u4e0a\u3052\u305f\u3051\u3069\u3001\u4eca\u3084\u30b5\u30a4\u30c8\u3082\u9589\u9396\u3055\u308c\u3066\u3044\u305f\u308a\u3001\u5185\u5bb9\u306e\u66f4\u65b0\u306a\u3069\u3082\u3042\u3063\u305f\u308a\u3057\u305f\u305f\u3081\u3001\u5099\u5fd8\u9332\u4ee3\u308f\u308a\u306b\u8a2d\u5b9a\u3068\u305d\u306e\u610f\u5473\u3092\u4e00\u89a7\u3067\u6b8b\u3057\u3066\u304a\u304d\u307e\u3059\u3002
\u74b0\u5883\u306fopenSUSE Leap 16.0\u3067\u3059\u3002
\u30ea\u30dd\u30b8\u30c8\u30ea\u306f https:\/\/cdn.opensuse.org\/repositories\/server:\/mail\/ \u3092\u4f7f\u7528\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n
ClamAV Milter\u3092\u4f7f\u3063\u3066\u30a6\u30a4\u30eb\u30b9\u691c\u67fb\u3059\u308b\u5834\u5408\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u30bd\u30b1\u30c3\u30c8\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n \u30e1\u30fc\u30eb\u3092\u9001\u308b\u969b\u306b\u306f\u30e6\u30fc\u30b6\u8a8d\u8a3c\u3092\u3057\u306a\u3044\u3068SPAM\u30e1\u30fc\u30eb\u306e\u8e0f\u307f\u53f0\u306b\u3055\u308c\u3066\u3057\u307e\u3044\u307e\u3059\u3002Dovecot\u3092\u904b\u7528\u3059\u308b\u5834\u5408\u306fDovecot\u306e\u8a8d\u8a3c\u3092\u4ecb\u3059\u3053\u3068\u3067OS\u306e\u30ed\u30b0\u30a4\u30f3\u540d\u3068\u30ed\u30b0\u30a4\u30f3\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u4f7f\u7528\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n \u30b9\u30d1\u30e0\u30e1\u30fc\u30eb\u306e\u53d7\u4fe1\u3092\u9632\u3050\u306b\u306fSpamhaus\u3084pyspf\u3092\u8a2d\u5b9a\u3059\u308b\u3068\u3088\u3044\u3067\u3057\u3087\u3046\u3002 TLS\u306e\u8a2d\u5b9a\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306bSMTP\u3068SMTPD\u3067\u5909\u3048\u308b\u3068\u3088\u3044\u3067\u3057\u3087\u3046\u3002 \u6b8b\u308a\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u8a2d\u5b9a\u3067\u554f\u984c\u306a\u3044\u3067\u3057\u3087\u3046\u3002 \u4ee5\u4e0b\u306e\u3088\u3046\u306bsubmission\u30dd\u30fc\u30c8\u3092\u89e3\u653e\u3057\u3066\u304a\u304f<\/p>\n\n\n\n \u307e\u305fpostlog\u306e\u4e0b\u3042\u305f\u308a\u306bpolicyd-spf\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002policyd-spf\u306e\u8a2d\u5b9a\u306f\u5f8c\u8ff0\u3057\u307e\u3059\u3002<\/p>\n\n\n\n \u540c\u3058\u304fMail\u30ea\u30dd\u30b8\u30c8\u30ea\u3067dovecot\u3092\u5165\u308c\u307e\u3059\u3002<\/p>\n\n\n\n \u57fa\u672c\u7684\u306b\u64cd\u4f5c\u3059\u308b\u5fc5\u8981\u306f\u3042\u308a\u307e\u305b\u3093\u304c\u3001 \u307e\u305a\u306f IMAPS\u3092\u6709\u52b9\u5316\u3057\u305f\u3044\u5834\u5408\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u3057\u307e\u3059\u3002<\/p>\n\n\n\n POP3\u3092\u4f7f\u7528\u3057\u306a\u3044\u5834\u5408\u306f \u307e\u305f\u3001Postfix\u306e\u8a8d\u8a3c\u3092\u53d7\u3051\u4ed8\u3051\u308b\u305f\u3081\u306b\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u8a2d\u5b9a\u3059\u308b\u304b\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u5b58\u5728\u3059\u308b\u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8\u3092\u5916\u3057\u307e\u3059\u3002<\/p>\n\n\n\n Dovecot\u3082\u30e1\u30fc\u30eb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304b\u3089\u3057\u304b\u7e4b\u304c\u306a\u3044\u305f\u3081TLSv1.3\u306e\u307f\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" Postfix\u3084Dovecot\u306e\u8a2d\u5b9a\u306b\u3064\u3044\u3066\u69d8\u3005\u306a\u30b5\u30a4\u30c8\u3092\u53c2\u8003\u306b\u3057\u306a\u304c\u3089\u6614\u7d44\u307f\u4e0a\u3052\u305f\u3051\u3069\u3001\u4eca\u3084\u30b5\u30a4\u30c8\u3082\u9589\u9396\u3055\u308c\u3066\u3044\u305f\u308a\u3001\u5185\u5bb9\u306e\u66f4\u65b0\u306a\u3069\u3082\u3042\u3063\u305f\u308a\u3057\u305f\u305f\u3081\u3001\u5099\u5fd8\u9332\u4ee3\u308f\u308a\u306b\u8a2d\u5b9a\u3068\u305d\u306e\u610f\u5473\u3092\u4e00\u89a7\u3067\u6b8b\u3057\u3066\u304a\u304d\u307e\u3059\u3002\u74b0\u5883\u306fopen […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1371","post","type-post","status-publish","format-standard","hentry","category-server"],"_links":{"self":[{"href":"https:\/\/pg-mana.net\/blog\/wp-json\/wp\/v2\/posts\/1371","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pg-mana.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pg-mana.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pg-mana.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pg-mana.net\/blog\/wp-json\/wp\/v2\/comments?post=1371"}],"version-history":[{"count":1,"href":"https:\/\/pg-mana.net\/blog\/wp-json\/wp\/v2\/posts\/1371\/revisions"}],"predecessor-version":[{"id":1378,"href":"https:\/\/pg-mana.net\/blog\/wp-json\/wp\/v2\/posts\/1371\/revisions\/1378"}],"wp:attachment":[{"href":"https:\/\/pg-mana.net\/blog\/wp-json\/wp\/v2\/media?parent=1371"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pg-mana.net\/blog\/wp-json\/wp\/v2\/categories?post=1371"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pg-mana.net\/blog\/wp-json\/wp\/v2\/tags?post=1371"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}compatibility_level<\/code>\u306f3.6\u306e\u5185\u5bb9\u3067\u3059\u3002<\/p>\n\n\n\nmyhostname<\/code>\u306f\u4e3b\u305f\u308b\u30c9\u30e1\u30a4\u30f3\u3092\u5165\u308c\u307e\u3059\u3002mydestination<\/code>\u306b\u306f\u53d7\u3051\u53d6\u308b\u30e1\u30fc\u30eb\u306eFQDN\u3092\u5165\u308c\u3066\u304a\u304d\u307e\u3059\u3002\u30c9\u30e1\u30a4\u30f3\u304c\u4e00\u3064\u306e\u5834\u5408\u306fmydestination = $myhostname<\/code>\u3068\u3057\u3066\u304a\u3051\u3070\u3088\u3044\u3067\u3059\u3002<\/p>\n\n\n\nrelayhost<\/code>\u306f\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3059\u308b\u969b\u306b\u7d4c\u7531\u3059\u308b\u30db\u30b9\u30c8\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002\u6700\u8fd1\u306fOP25B\u306a\u3069\u304c\u3042\u308a\u3001\u81ea\u5b85\u30b5\u30fc\u30d0\u304b\u3089\u30e1\u30fc\u30eb\u3092\u9001\u308b\u306b\u306f\u4f55\u51e6\u304b\u3092\u7d4c\u7531\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002 MyDNS\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u4eba\u306frelayhost = [auth.gate-on.net]:587<\/code>\u3092\u6307\u5b9a\u3059\u308b\u3068\u3088\u3044\u3067\u3059\u3002<\/p>\n\n\n\nhome_mailbox<\/code>\u306fDovecot\u3068\u9023\u643a\u3059\u308b\u5834\u5408\u306fhome_mailbox = Maildir\/<\/code>\u3068\u3059\u308b\u3068\u3088\u3044\u3067\u3059\u3002<\/p>\n\n\n\nsmtpd_milters = unix:\/var\/run\/clamav\/clamav-milter.sock\nnon_smtpd_milters = unix:\/var\/run\/clamav\/clamav-milter.sock<\/code><\/pre>\n\n\n\nsmtpd_sasl_auth_enable = yes\nsmtpd_sasl_local_domain = $myhostname\nsmtpd_sasl_type = dovecot\nsmtpd_sasl_path = private\/auth\nsmtpd_sasl_security_options = noanonymous<\/code><\/pre>\n\n\n\n
\u305d\u306e\u969b\u306bpolicy_time_limit<\/code>\u3092\u8a2d\u5b9a\u3057\u3066\u304a\u304b\u306a\u3044\u3068spamhaus\u304c\u5fdc\u7b54\u3057\u306a\u3044\u5834\u5408\u306b\u30e1\u30fc\u30eb\u304c\u53d7\u3051\u53d6\u308c\u306a\u3044\u3068\u3044\u3046\u554f\u984c\u304c\u767a\u751f\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002<\/p>\n\n\n\nsmtpd_sender_restrictions = reject_unknown_sender_domain, reject_rhsbl_sender zen.spamhaus.org, reject_rhsbl_sender bl.spamcop.net\nsmtpd_client_restrictions = reject_unknown_sender_domain, reject_rhsbl_sender zen.spamhaus.org, reject_rhsbl_sender bl.spamcop.net\nsmtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private\/policy\npolicy_time_limit = 3600<\/code><\/pre>\n\n\n\n
SMTP\u306e\u65b9\u306f\u3001Thunderbird\u306a\u3069\u30e1\u30fc\u30eb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304b\u3089\u63a5\u7d9a\u3059\u308b\u969b\u306b\u4f7f\u7528\u3057\u307e\u3059\u3002\u6700\u8fd1\u306e\u30e1\u30fc\u30eb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306f\u307b\u3068\u3093\u3069TLSv1.3\u306b\u5bfe\u5fdc\u3057\u3066\u3044\u308b\u306e\u3067\u3001TLSv1.3\u3060\u3051\u3067\u826f\u3044\u3067\u3057\u3087\u3046\u3002
\u4e00\u65b9\u3067\u3001SMTPD\u306e\u65b9\u306f\u5916\u90e8\u306e\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u304b\u3089\u306e\u63a5\u7d9a\u304c\u5fc5\u305a\u3057\u3082TLSv1.3\u306b\u5bfe\u5fdc\u3057\u3066\u3044\u306a\u3044\u305f\u3081TLSv1.2\u307e\u3067\u5bfe\u5fdc\u3057\u307e\u3059\u3002\u3053\u306e\u3042\u305f\u308a\u306e\u8a2d\u5b9a\u306fhttps:\/\/ssl-config.mozilla.org\/<\/a>\u306eIntermediate\u3092\u53c2\u8003\u306b\u3057\u307e\u3059\u3002<\/p>\n\n\n\nsmtp_tls_security_level = encrypt\nsmtp_tls_cert_file = \/path\/to\/public.crt\nsmtp_tls_key_file = \/path\/to\/private.key\nsmtp_tls_protocols = >=TLSv1.3\nsmtp_tls_session_cache_database = lmdb:${queue_directory}\/smtp_scache\n\nsmtpd_tls_security_level = encrypt\nsmtpd_tls_auth_only = yes\nsmtpd_tls_cert_file = \/path\/to\/public.crt\nsmtpd_tls_key_file = \/path\/to\/private.key\nsmtpd_tls_ask_ccert = no\nsmtpd_tls_received_header = no\nsmtpd_tls_mandatory_protocols = >=TLSv1.2\nsmtpd_tls_protocols = >=TLSv1.2\nsmtpd_tls_mandatory_ciphers = medium\nsmtpd_tls_session_cache_database = lmdb:${queue_directory}\/smtpd_scache\ntls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305\ntls_preempt_cipherlist = no<\/code><\/pre>\n\n\n\nlmdb:\/etc\/postfix\/hoge<\/code>\u306a\u3069\u8a18\u8ff0\u3057\u3066\u3044\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u64cd\u4f5c\u3057\u305f\u5834\u5408\u306fpostmap \/etc\/postfix\/hoge<\/code>\u3067DB\u3092\u66f4\u65b0\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n\n\n\nmaster.cf<\/h3>\n\n\n\n
submission inet n - n - - smtpd\n# -o syslog_name=postfix\/submission\n -o smtpd_tls_security_level=encrypt\n# -o content_filter=smtp:[127.0.0.1]:10024\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_tls_auth_only=yes\n -o smtpd_reject_unlisted_recipient=no<\/code><\/pre>\n\n\n\npolicy unix - n n - 0 spawn\n user=nobody argv=\/usr\/bin\/policyd-spf<\/code><\/pre>\n\n\n\npolicyd-spf<\/h2>\n\n\n\n
python313-pyspf<\/code>(\u304b\u5f8c\u7d99\u30d0\u30fc\u30b8\u30e7\u30f3)\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002\/usr\/bin\/policyd-spf<\/code>\u306f\u81ea\u52d5\u3067\u4f5c\u6210\u3055\u308c\u306a\u3044\u306e\u3067ln -s \/usr\/bin\/policyd-spf-3.13 \/usr\/bin\/policyd-spf<\/code>\u3067\u30b7\u30f3\u30dc\u30ea\u30c3\u30af\u30ea\u30f3\u30af\u3092\u5f35\u308a\u307e\u3059\u3002<\/p>\n\n\n\n\/etc\/python-policyd-spf\/policyd-spf.conf<\/code>\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u3059\u308c\u3070\u8ff7\u60d1\u30e1\u30fc\u30eb\u304c\u6fc0\u6e1b\u3059\u308b\u306f\u305a\u3067\u3059\u3002<\/p>\n\n\n\ndebugLevel = 1\nTestOnly = 1\n\nHELO_reject = Softfail\nMail_From_reject = SPF_Not_Pass\n\nPermError_reject = True\nTempError_Defer = True\n\nskip_addresses = 127.0.0.0\/8,::ffff:127.0.0.0\/104,::1<\/code><\/pre>\n\n\n\nDovecot<\/h2>\n\n\n\n
dovecot.conf<\/h3>\n\n\n\n
protocols = imap<\/code>\u3068listen = *, ::<\/code>\u306f\u8a2d\u5b9a\u3057\u3066\u304a\u304d\u307e\u3059\u3002IPv6\u74b0\u5883\u304c\u306a\u3044\u5834\u5408\u306f\", ::\"<\/code>\u3092\u524a\u9664\u3057\u307e\u3059\u3002<\/p>\n\n\n\nconf.d\/10-auth.conf<\/h3>\n\n\n\n
disable_plaintext_auth = no<\/code>\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002\u3053\u308c\u304c\u306a\u3044\u3068\u5e73\u6587\u3067\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u3084\u308a\u53d6\u308a\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002
conf.d\/auth-*.conf.ext\u306fPAM\u3092\u4f7f\u7528\u3059\u308b\u306a\u3089\u57fa\u672c\u7684\u306b\u64cd\u4f5c\u3059\u308b\u5fc5\u8981\u306f\u3042\u308a\u307e\u305b\u3093\u3002<\/p>\n\n\n\nconf.d\/10-master.conf<\/h3>\n\n\n\n
service imap-login {\n inet_listener imap {\n #port = 143\n }\n inet_listener imaps {\n port = 993\n ssl = yes\n }\n}<\/code><\/pre>\n\n\n\nservice pop3-login<\/code>\u306f\u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8\u3057\u307e\u3059\u3002<\/p>\n\n\n\nservice auth {\n # Postfix smtp-auth\n unix_listener \/var\/spool\/postfix\/private\/auth {\n mode = 0666\n user = postfix\n group = postfix\n }\n}<\/code><\/pre>\n\n\n\nconf.d\/10-ssl.conf<\/h3>\n\n\n\n
# SSL\/TLS support: yes, no, required. <doc\/wiki\/SSL.txt>\nssl = required\n\n# PEM encoded X.509 SSL\/TLS certificate and private key. They're opened before\n# dropping root privileges, so keep the key file unreadable by anyone but\n# root. Included doc\/mkcert.sh can be used to easily generate self-signed\n# certificate, just make sure to update the domains in dovecot-openssl.cnf\nssl_cert = <\/path\/to\/public.crt\nssl_key = <\/path\/to\/private.key\n\nssl_dh = <\/etc\/dovecot\/dh.pem\n\n# SSL protocols to use\nssl_min_protocol = TLSv1.3\n\n# Prefer the server's order of ciphers over client's.\nssl_prefer_server_ciphers = yes\n<\/code><\/pre>\n\n\n\n