その他のpostfixの設定

  Linux

TLSサポートのために証明書を作成する。

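# Create the self-signed certificate and private key that Postfix uses for TLS.
# The commands run in a subshell so that the restrictive umask and `set -eu`
# apply only here: the caller's umask is left as it was (not forced to 0022),
# and openssl is not run if writing the request config fails.
(
  set -eu
  # -nodes (below) writes the private key unencrypted, so file permissions are
  # its only protection. With umask 0077 every file created here is mode 0600.
  umask 0077
  # default_bits / default_md are set explicitly: without them the key size and
  # signature digest depend on the OpenSSL build's defaults, which on old
  # releases are weaker than 2048-bit RSA with SHA-256.
  cat << 'EOF' > /etc/pki/tls/certs/mail.conf
[ req ]
prompt                  = no
default_bits            = 2048
default_md              = sha256
distinguished_name      = req_distinguished_name
[ req_distinguished_name ]
C                       = JP
ST                      = Tokyo
L                       = Kita-ku
O                       = POOH.GR.JP
OU                      = POOH.GR.JP
CN                      = allekto.pooh.gr.jp
EOF
  # -x509 emits a self-signed certificate (valid for 3650 days) instead of a
  # signing request; clients cannot verify it against a CA, so it provides
  # encryption but not server authentication unless they trust it explicitly.
  openssl req -new -x509 -nodes -days 3650 \
    -out /etc/pki/tls/certs/mail.crt \
    -keyout /etc/pki/tls/private/mail.key \
    -config /etc/pki/tls/certs/mail.conf
)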

clamav-milter以外のpostfixの設定。

# Append the Postfix settings (everything except clamav-milter) to
# /etc/postfix/main.cf.
# The quoted 'EOF' delimiter stops the shell from expanding $myhostname,
# $mydomain, $alias_maps and $mydestination; they are written literally so that
# Postfix resolves them.
# ">>" appends: running this block a second time writes every setting again.
#
# NOTE(review): reject_unauth_destination is listed before permit_mynetworks,
# so clients in mynetworks (loopback plus all RFC 1918 ranges) can only reach
# recipients in $mydestination and relay_domains. That rule does not look at
# the client address, so unless another restriction applies, hosts outside
# mynetworks can also send mail for softbank.ne.jp through this server.
# Confirm that this is intended.
# NOTE(review): smtpd_use_tls = yes offers STARTTLS without requiring it; newer
# Postfix documents smtpd_tls_security_level = may as its replacement. Check
# against the installed version.
# NOTE(review): Postfix 2.5 and later expect the TLS session cache under
# $data_directory rather than /etc/postfix. Verify for the installed version.
cat << 'EOF' >> /etc/postfix/main.cf
myhostname = allekto.pooh.gr.jp
mydomain = pooh.gr.jp
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
local_recipient_maps = $alias_maps
mynetworks = 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
relay_domains = $mydestination, softbank.ne.jp
smtpd_banner = $myhostname ESMTP
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail.key
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
message_size_limit=10000000
disable_vrfy_command=yes
smtpd_helo_required=yes
strict_rfc821_envelopes=no
allow_percent_hack = yes
swap_bangpath = yes
allow_untrusted_routing = no
smtpd_recipient_restrictions =
    reject_unauth_destination,
    permit_mynetworks
EOF

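smtpd_recipient_restrictionsは上から順に評価される。reject_unauth_destinationをpermit_mynetworksより先に置いているので、mynetworksからのリレーは許可しているが、宛先は$mydestinationとsoftbank.ne.jpに制限している。なお、reject_unauth_destinationは接続元を区別しないため、他の制限を加えない限り、mynetworks外のクライアントからもこれらの宛先へのメールは受け付けられる。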