Create a certificate for TLS support.
# Tighten the umask so the private key is not created group/world-readable
umask 0077
cat << 'EOF' > /etc/pki/tls/certs/mail.conf
[ req ]
prompt = no
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
C = JP
ST = Tokyo
L = Kita-ku
O = POOH.GR.JP
OU = POOH.GR.JP
CN = allekto.pooh.gr.jp
EOF
# Self-signed certificate valid for 3650 days; -nodes leaves the key unencrypted
openssl req -new -x509 -nodes -days 3650 \
    -out /etc/pki/tls/certs/mail.crt \
    -keyout /etc/pki/tls/private/mail.key \
    -config /etc/pki/tls/certs/mail.conf
# Restore the default umask
umask 0022
Postfix settings other than clamav-milter.
# Append the settings to main.cf (>> appends, so running this twice duplicates the entries)
cat << 'EOF' >> /etc/postfix/main.cf
myhostname = allekto.pooh.gr.jp
mydomain = pooh.gr.jp
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
local_recipient_maps = $alias_maps
mynetworks = 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
relay_domains = $mydestination, softbank.ne.jp
smtpd_banner = $myhostname ESMTP
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail.key
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
message_size_limit=10000000
disable_vrfy_command=yes
smtpd_helo_required=yes
strict_rfc821_envelopes=no
allow_percent_hack = yes
swap_bangpath = yes
allow_untrusted_routing = no
smtpd_recipient_restrictions = reject_unauth_destination, permit_mynetworks
EOF
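Because reject_unauth_destination is listed before permit_mynetworks, and Postfix evaluates the restrictions in order, relaying from mynetworks is allowed but the destinations are limited to $mydestination and softbank.ne.jp.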
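
The ordering effect described above can be checked with a small model of how the restriction list is walked. This is an added example, not part of the original page and not Postfix code: the matching logic is a simplified assumption (domain or subdomain match against relay_domains), and the client addresses and recipients are constructed.

```python
import ipaddress

# Values copied from the main.cf above, with $-variables expanded by hand.
MYNETWORKS = ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
MYDESTINATION = ["allekto.pooh.gr.jp", "localhost.pooh.gr.jp", "localhost", "pooh.gr.jp"]
RELAY_DOMAINS = MYDESTINATION + ["softbank.ne.jp"]

PAGE_ORDER = ["reject_unauth_destination", "permit_mynetworks"]
SWAPPED_ORDER = ["permit_mynetworks", "reject_unauth_destination"]


def in_mynetworks(client_ip):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in MYNETWORKS)


def authorized_destination(rcpt):
    """Simplified model: final destination, or a relay_domains entry or its subdomain."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in MYDESTINATION:
        return True
    return any(domain == d or domain.endswith("." + d) for d in RELAY_DOMAINS)


def evaluate(restrictions, client_ip, rcpt):
    """Walk the list left to right; the first restriction that decides wins."""
    for name in restrictions:
        if name == "reject_unauth_destination" and not authorized_destination(rcpt):
            return "REJECT"
        if name == "permit_mynetworks" and in_mynetworks(client_ip):
            return "PERMIT"
    return "PERMIT"  # nothing decided: the end of the list is an implicit permit


if __name__ == "__main__":
    # Constructed sample clients and recipients.
    cases = [
        ("192.168.1.20", "user@softbank.ne.jp"),
        ("192.168.1.20", "user@example.com"),
        ("203.0.113.5", "user@pooh.gr.jp"),
        ("203.0.113.5", "user@example.com"),
    ]
    for ip, rcpt in cases:
        print(f"{ip:15} -> {rcpt:22} page order: {evaluate(PAGE_ORDER, ip, rcpt):7}"
              f" swapped: {evaluate(SWAPPED_ORDER, ip, rcpt)}")
```

In this model the only case that changes between the two orders is an internal client sending to an outside domain; destinations in relay_domains are accepted from any client in both orders.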