2009/03/09

Postfix 2.4.7 + Dovecot 1.1.7 + DKIM 2.7.2 on FreeBSD 7.1

pkg_info output at the point where Postfix, Dovecot and dkim-milter had been installed and the test via sa-test@sendmail.net had passed.


compat5x-i386-5.4.0.8_9 A convenience package to install the compat5x libraries
cvsup-without-gui-16.1h_4 File distribution system optimized for CVS (non-GUI version)
db41-4.1.25_4 The Berkeley DB package, revision 4.1
dkim-milter-2.7.2 Domainkeys Identified Mail (DKIM) milter
dovecot-1.1.7 Secure and compact IMAP and POP3 servers
libiconv-1.11_1 A character set conversion library
libspf2-1.0.4_1 Sender Rewriting Scheme 2 C Implementation
localedata-5.4 Legacy locale data for FreeBSD 6+
openldap-client-2.4.11 Open source LDAP client implementation
pcre-7.7_1 Perl Compatible Regular Expressions library
perl-5.8.8_1 Practical Extraction and Report Language
portupgrade-2.4.6,2 FreeBSD ports/packages administration and management tool suite
postfix-2.4.7,1 A secure alternative to widely-used Sendmail
postfix-policyd-spf-1.0.1_3 Implements SPF for postfix, as a policy daemon
ruby-1.8.6.287,1 An object-oriented interpreted scripting language
ruby18-bdb-0.6.4 Ruby interface to Sleepycat's Berkeley DB


Dovecot and Postfix have to be built from ports with the options set so that they support LDAP authentication; the remaining ports are better installed as binary packages with pkg_add -r.

/etc/rc.conf

sendmail_enable="NONE"
postfix_enable="YES"
dovecot_enable="YES"
milterdkim_enable="YES"
milterdkim_uid="postfix"


/var/db/ports/postfix/options

_OPTIONS_READ=postfix-2.4.7,1
WITH_PCRE=true
WITHOUT_SASL2=true
WITH_DOVECOT=true
WITHOUT_SASLKRB=true
WITHOUT_SASLKRB5=true
WITHOUT_SASLKMIT=true
WITH_TLS=true
WITHOUT_BDB=true
WITHOUT_MYSQL=true
WITHOUT_PGSQL=true
WITH_OPENLDAP=true
WITHOUT_CDB=true
WITHOUT_NIS=true
WITHOUT_VDA=true
WITHOUT_TEST=true


/var/db/ports/dovecot/options

_OPTIONS_READ=dovecot-1.1.7
WITH_KQUEUE=true
WITH_SSL=true
WITHOUT_IPV6=true
WITH_POP3=true
WITH_LDA=true
WITHOUT_MANAGESIEVE=true
WITHOUT_GSSAPI=true
WITHOUT_VPOPMAIL=true
WITHOUT_BDB=true
WITH_LDAP=true
WITHOUT_PGSQL=true
WITHOUT_MYSQL=true
WITHOUT_SQLITE=true


The configuration files follow.

/usr/local/etc/postfix/main.cf

queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix

mail_owner = postfix

myhostname = postfix.domain.co.jp
mydomain = domain.co.jp

inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

unknown_local_recipient_reject_code = 550

mynetworks_style = subnet
mynetworks = 192.168.0.0/24, 127.0.0.0/8

relay_domains = $mydestination

home_mailbox = Maildir/

mail_spool_directory = /var/mail

smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no

smtpd_tls_cert_file = /etc/ssl/certs/server.crt
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_tls_log_level = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_mandatory_ciphers = export
smtpd_tls_always_issue_session_ids = no
tls_random_source = /dev/random

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_policy_service unix:private/policy
broken_sasl_auth_clients = yes

body_checks_size_limit = 51200
bounce_size_limit = 50000
header_size_limit = 102400
mailbox_size_limit = 102400000
message_size_limit = 15360000

milter_connect_macros = b j _ {daemon_name} {if_name} {if_addr}
smtpd_milters = unix:/var/run/milterdkim/dkim-filter.sock
non_smtpd_milters = unix:/var/run/milterdkim/dkim-filter.sock
milter_default_action = accept
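
Two settings in the main.cf above deserve a second look before the box is exposed: smtpd_tls_mandatory_ciphers = export lets export-grade ciphers satisfy the mandatory TLS on submission/smtps (the Postfix 2.4 default is medium), and smtpd_sasl_auth_enable = yes without smtpd_tls_auth_only = yes means LOGIN/PLAIN is offered on port 25 before STARTTLS, so a client that does not negotiate TLS sends its password in the clear. milter_default_action = accept is a deliberate availability choice, but it means mail passes unsigned and unverified whenever dkim-filter is down. The script below is an added example, not part of the original post: a small main.cf reader (cf_get joins continuation lines the way postconf does) and an audit function run against a constructed copy of the weak fragment and against the corrected one. It assumes only POSIX sh and awk; the two fragments are constructed for the example.

```sh
#!/bin/sh
# Added example (not from the original post): audit a Postfix main.cf for the
# weak spots in the configuration above and show the hardened counterpart.
# Assumes only POSIX sh + awk; the two main.cf fragments below are constructed.
set -e

# cf_get FILE KEY: print the value of KEY from a Postfix main.cf, joining
# continuation lines (lines that start with whitespace) the way postconf does.
# The last definition of a key wins, as in Postfix.
cf_get() {
  awk -v k="$2" '
    /^#/ || /^[ \t]*$/ { next }                     # comment or blank line
    /^[ \t]/ {                                       # continuation line
      if (cur == k) { s = $0; sub(/^[ \t]+/, "", s); val = val " " s }
      next
    }
    {
      i = index($0, "=")
      if (i == 0) next
      cur = substr($0, 1, i - 1); gsub(/[ \t]/, "", cur)
      if (cur == k) val = substr($0, i + 1)
    }
    END { sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val); print val }
  ' "$1"
}

# audit_main_cf FILE: print one "WEAK:" line per finding (plus "INFO:" lines);
# the exit status is the number of WEAK findings, 0 = clean.
audit_main_cf() {
  n=0
  ciph=$(cf_get "$1" smtpd_tls_mandatory_ciphers)
  case "$ciph" in
    export|low)
      echo "WEAK: smtpd_tls_mandatory_ciphers = $ciph lets export/low-grade ciphers satisfy mandatory TLS (submission/smtps); use medium or high"
      n=$((n + 1)) ;;
  esac
  if [ "$(cf_get "$1" smtpd_sasl_auth_enable)" = yes ] &&
     [ "$(cf_get "$1" smtpd_tls_auth_only)" != yes ]; then
    echo "WEAK: SASL AUTH is offered before STARTTLS on port 25 (LOGIN/PLAIN credentials in the clear); set smtpd_tls_auth_only = yes"
    n=$((n + 1))
  fi
  if [ "$(cf_get "$1" milter_default_action)" = accept ]; then
    echo "INFO: milter_default_action = accept: mail is accepted unsigned/unverified while dkim-filter is down; tempfail is the safer choice"
  fi
  return $n
}

TMP=$(mktemp -d); trap 'rm -rf "$TMP"' EXIT
WEAK=$TMP/weak.cf; HARDENED=$TMP/hardened.cf

# Constructed fragment mirroring the TLS/SASL/milter settings in the main.cf above.
cat > "$WEAK" <<'EOF'
smtpd_tls_security_level = may
smtpd_tls_mandatory_ciphers = export
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_policy_service unix:private/policy
milter_default_action = accept
EOF

# The same fragment with the weak settings corrected. Port 25 stays opportunistic
# (may); AUTH is only announced after STARTTLS; submission/smtps are unaffected
# because TLS is mandatory there anyway.
cat > "$HARDENED" <<'EOF'
smtpd_tls_security_level = may
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_policy_service unix:private/policy
milter_default_action = tempfail
EOF

echo "== weak =="; audit_main_cf "$WEAK" || echo "$? finding(s)"
echo "== hardened =="; audit_main_cf "$HARDENED" && echo "clean"
```

On the real server the same check runs against the live file with audit_main_cf /usr/local/etc/postfix/main.cf; postconf -n is the authoritative view of the effective values if the file uses includes or defaults.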


/usr/local/etc/postfix/master.cf

# ==========================================================================
# service    type  private unpriv  chroot  wakeup  maxproc command + args
#                  (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp         inet  n       -       n       -       -       smtpd
submission   inet  n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps        inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
policy       unix  -       n       n       -       -       spawn
  user=nobody argv=/usr/local/sbin/postfix-policyd-spf
#smtp-amavis unix  -       -       n       -       2       smtp
#  -o smtp_data_done_timeout=1200
#  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n    -       n       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
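
The leading whitespace on the -o and user=/argv= lines is not cosmetic: master(8) treats any line that starts in column 1 as a new service entry, so a continuation line pasted without indentation (as a web page tends to flatten it) makes Postfix refuse to start with "bad field count". (smtpd_enforce_tls=yes on the submission entry is the pre-2.3 spelling; smtpd_tls_security_level=encrypt is the equivalent for 2.3 and later and is what the sample below uses.) The lint below is an added example, not part of the original post: it applies master(8)'s rule (8+ fields on every unindented line, a known service type in the second field) to a constructed flattened copy of the entries above and to a correctly indented one. Only POSIX sh and awk are assumed.

```sh
#!/bin/sh
# Added example (not part of the original post): lint a master.cf for the
# mistake that a flattened listing invites. Every logical entry must start in
# column 1 with 8+ fields; an unindented "-o ..." or "user=... argv=..." line
# is read by master(8) as a new service entry and Postfix fails with
# "bad field count". Only POSIX sh + awk are assumed; the samples are constructed.
set -e

# lint_master_cf FILE: print one "BAD:" line per problem; exit 1 if any.
lint_master_cf() {
  awk '
    /^[ \t]*$/ || /^#/ { next }          # blank or comment
    /^[ \t]/ {                           # continuation of the previous entry
      if (!seen) { printf "BAD: line %d: continuation line before any service entry\n", NR; bad++ }
      next
    }
    NF < 8 {
      printf "BAD: line %d: %d field(s), expected 8+ (unindented continuation line?): %s\n", NR, NF, $0
      bad++; next
    }
    $2 !~ /^(inet|unix|fifo|pass)$/ {    # pass: Postfix 2.5+
      printf "BAD: line %d: unknown service type \"%s\"\n", NR, $2; bad++; next
    }
    { seen = 1 }
    END { exit bad ? 1 : 0 }
  ' "$1"
}

TMP=$(mktemp -d); trap 'rm -rf "$TMP"' EXIT

# Constructed: the submission/policy entries as a web page flattens them.
cat > "$TMP/flat.cf" <<'EOF'
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
policy unix - n n - - spawn
user=nobody argv=/usr/local/sbin/postfix-policyd-spf
EOF

# Constructed: the same entries indented as master(8) expects.
cat > "$TMP/good.cf" <<'EOF'
# ==========================================================================
# service    type  private unpriv  chroot  wakeup  maxproc command + args
# ==========================================================================
smtp         inet  n       -       n       -       -       smtpd
submission   inet  n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
policy       unix  -       n       n       -       -       spawn
  user=nobody argv=/usr/local/sbin/postfix-policyd-spf
127.0.0.1:10025 inet n    -       n       -       -       smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
EOF

lint_master_cf "$TMP/flat.cf" || echo "flat.cf: Postfix would not start"
lint_master_cf "$TMP/good.cf" && echo "good.cf: ok"
```

postfix check does the authoritative validation on the server itself; the lint is useful where master.cf is edited or generated somewhere Postfix is not installed.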


/usr/local/etc/dovecot.conf

protocols = imaps pop3s
disable_plaintext_auth = no

ssl_disable = no
ssl_cert_file = /etc/ssl/certs/server.crt
ssl_key_file = /etc/ssl/private/dovecot.pem

mail_location = maildir:~/Maildir
mail_privileged_group = mail

verbose_proctitle = yes
first_valid_gid = 0

protocol imap {
  imap_client_workarounds = delay-newmail netscape-eoh tb-extra-mailbox-sep
}

protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

protocol lda {
  postmaster_address = postmaster@domain.co.jp
  hostname = mail.domain.co.jp
  sendmail_path = /usr/sbin/sendmail
}

auth default {
  mechanisms = login plain

  passdb ldap {
    args = /usr/local/etc/dovecot-ldap.conf
  }
  userdb passwd {
  }
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

dict {
}
plugin {
}


/usr/local/etc/dovecot-ldap.conf

hosts = ldap
dn = cn=Manager,dc=domain,dc=jp
dnpass = *********
debug_level = 0
ldap_version = 3
base = ou=Users,dc=domain,dc=jp

Note: cn=Manager is the directory's administrative DN, so dnpass here is a full-write credential to the whole directory and the file must stay readable by root only. A dedicated read-only bind DN, or auth_bind = yes (Dovecot then binds as the user being authenticated and needs no stored directory password for the passdb lookup), limits what a compromise of this file yields.


/usr/local/etc/openldap/ldap.conf

BASE dc=domain,dc=jp
URI ldap://ldap


/usr/local/etc/mail/dkim-filter.conf

Background Yes
Domain domain.co.jp
KeyFile /var/db/dkim/default.private
InternalHosts /usr/local/etc/mail/dkim-filter.ilist
Selector default
Socket local:/var/run/milterdkim/dkim-filter.sock
UserID postfix
Mode sv
X-Header Yes


/usr/local/etc/mail/dkim-filter.ilist

192.168.0.0/24
127.0.0.1


/usr/local/etc/amavisd.conf

@bypass_spam_checks_maps = (1); # controls running of anti-spam code
$mydomain = 'pf.domain.co.jp'; # a convenient default for other settings


SSL certificates

/etc/ssl:
private/dovecot.pem
private/server.csr
certs/dovecot.pem
certs/server.crt


/var/db/dkim:

-r--r--r-- 1 root wheel 306 Sep 9 21:56 default.txt
-rw------- 1 postfix mail 891 Sep 9 21:56 default.private
drwxr-xr-x 2 root wheel 512 Jan 7 09:40 ./
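
default.private and default.txt are the pair that dkim-milter's dkim-genkey writes for the selector "default": the private key the milter signs with (0600, owned by the milter user, postfix:mail in this setup because of milterdkim_uid) and the DNS TXT record to publish under default._domainkey. The script below is an added example, not part of the original post: it builds the same two files with plain openssl, and, more usefully, checks that the p= value in the TXT record really is the public half of the private key, which is the check to run before publishing the record. It assumes openssl(1) and POSIX sh, and uses a temporary directory in place of /var/db/dkim; the chown to postfix:mail is a root-only step left as a comment.

```sh
#!/bin/sh
# Added example (not from the original post): reproduce what dkim-genkey wrote
# to /var/db/dkim with plain openssl, and verify the DNS record against the key.
# Assumes openssl(1) + POSIX sh; a temporary directory stands in for /var/db/dkim.
set -e

# dkim_pubkey_b64 KEYFILE: the DKIM p= value, i.e. base64 of the DER-encoded
# SubjectPublicKeyInfo of the RSA key.
dkim_pubkey_b64() {
  openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A
}

# dkim_genkey DIR SELECTOR DOMAIN [BITS]
# Writes DIR/SELECTOR.private (PEM, mode 0600) and DIR/SELECTOR.txt (TXT record).
dkim_genkey() {
  dir=$1 sel=$2 dom=$3 bits=${4:-2048}
  mkdir -p "$dir"
  ( umask 077; openssl genrsa -out "$dir/$sel.private" "$bits" 2>/dev/null )
  chmod 600 "$dir/$sel.private"
  # chown postfix:mail "$dir/$sel.private"   # as root on the real server (milterdkim_uid)
  printf '%s._domainkey.%s. IN TXT "v=DKIM1; k=rsa; p=%s"\n' \
    "$sel" "$dom" "$(dkim_pubkey_b64 "$dir/$sel.private")" > "$dir/$sel.txt"
}

# dkim_txt_matches_key DIR SELECTOR: exit 0 if the p= in the TXT record is the
# public half of DIR/SELECTOR.private, i.e. signatures made by the milter will
# verify against what is published.
dkim_txt_matches_key() {
  want=$(dkim_pubkey_b64 "$1/$2.private")
  have=$(sed -n 's|.*p=\([A-Za-z0-9+/=]*\).*|\1|p' "$1/$2.txt")
  [ -n "$have" ] && [ "$have" = "$want" ]
}

TMP=$(mktemp -d); trap 'rm -rf "$TMP"' EXIT
dkim_genkey "$TMP/dkim" default domain.co.jp
cat "$TMP/dkim/default.txt"
dkim_txt_matches_key "$TMP/dkim" default && echo "default.txt matches default.private"
```

The 891-byte default.private in the listing is a 1024-bit key; the example defaults to 2048 bits, which is what current DKIM practice expects. Selector and KeyFile in dkim-filter.conf must name the same pair.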


/var/run/dovecot:

-rw------- 1 root wheel 5 Jan 7 10:01 master.pid
drwxr-x--- 2 root dovecot 512 Jan 7 10:01 login/
srwxrwxrwx 1 root wheel 0 Jan 7 10:01 dict-server=
srw------- 1 root wheel 0 Jan 7 10:01 auth-worker.1059=
drwxr-xr-x 3 root wheel 512 Jan 7 10:01 ./


/var/run/milterdkim:

-rw-r--r-- 1 postfix wheel 4 Jan 7 09:40 pid
srwxr-xr-x 1 postfix wheel 0 Jan 7 09:40 dkim-filter.sock=
drwxr-xr-x 2 postfix wheel 512 Jan 7 09:40 ./


/var/log/maillog when Postfix and Dovecot have started normally

Jan 7 00:48:54 postfix dovecot: Dovecot v1.1.7 starting up
Jan 7 00:49:01 postfix postfix/postfix-script[2959]: starting the Postfix mail system
Jan 7 00:49:01 postfix postfix/master[2960]: daemon started -- version 2.4.7, configuration /usr/local/etc/postfix



576 ?? Is 0:00.05 /usr/local/libexec/dkim-filter -l -u postfix -P /var/run/milterdkim/pid -x /usr/local/etc/mail/dkim-filter.conf
2899 ?? Ss 0:00.01 /usr/local/sbin/dovecot -c /usr/local/etc/dovecot.conf
2900 ?? S 0:00.02 dovecot-auth
2901 ?? I 0:00.01 pop3-login
2902 ?? I 0:00.02 pop3-login
2903 ?? I 0:00.02 pop3-login
2904 ?? I 0:00.01 imap-login
2905 ?? I 0:00.01 imap-login
2906 ?? I 0:00.02 imap-login
2960 ?? Is 0:00.03 /usr/local/libexec/postfix/master
2961 ?? I 0:00.01 pickup -l -t fifo -u
2962 ?? I 0:00.01 qmgr -l -t fifo -u


If the user dkim-milter runs as (mailnull by default) is not postfix, the socket dkim-filter creates is owned by that user and smtpd, which runs as postfix, has no write permission on it (connecting to a Unix-domain socket requires write access), so the following error occurs.

Jan 7 07:34:54 postfix postfix/smtpd[5656]: warning: connect to Milter service unix:/var/run/milterdkim/dkim-filter.sock: Permission denied


Fix: add the following line to /etc/rc.conf.

milterdkim_uid="postfix"
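
The "Permission denied" above is the kernel's answer to connect(2) on a Unix-domain socket whose inode the caller may not write. The listing of /var/run/milterdkim shows why the rc.conf line fixes it: the socket is srwxr-xr-x postfix wheel, so the owner (postfix) has the write bit while group and others do not; with the default milter user it would be mailnull wheel with the same mode and smtpd, as "other", would get r-x only. The function below is an added example, not part of the original post, that works this out from the owner/group/mode triple and the connecting user's groups; it is plain POSIX sh, the triples are the ones from the listings above, and the supplementary group list for the postfix user is an assumption.

```sh
#!/bin/sh
# Added example (not from the original post): apply Unix permission bits to a
# socket the way connect(2) does (write permission on the socket inode), for the
# user smtpd runs as (mail_owner = postfix). Pure POSIX sh.
set -e

# socket_writable_by OWNER GROUP MODE USER [USERGROUP...]
# Exit 0 if USER, member of the listed groups, may write to (hence connect to)
# a socket with that owner, group and three-digit octal MODE (e.g. 755).
socket_writable_by() {
  owner=$1 ogroup=$2 mode=$3 user=$4; shift 4
  o=$((mode / 100)); g=$((mode / 10 % 10)); w=$((mode % 10))   # digits of e.g. 755
  if [ "$user" = "$owner" ]; then
    bits=$o
  else
    bits=$w
    for grp in "$@"; do [ "$grp" = "$ogroup" ] && bits=$g; done
  fi
  [ $((bits & 2)) -ne 0 ]          # 2 is the write bit within one digit
}

# milter_socket_check OWNER GROUP MODE: report what smtpd (user postfix, assumed
# groups: postfix) gets when it connects to such a socket.
milter_socket_check() {
  if socket_writable_by "$1" "$2" "$3" postfix postfix; then
    echo "ok: smtpd (postfix) can connect to a $1:$2 $3 socket"
  else
    echo "EACCES: smtpd (postfix) cannot write to a $1:$2 $3 socket: 'connect to Milter service ... Permission denied'"
    return 1
  fi
}

milter_socket_check mailnull wheel 755 || true   # default dkim-filter user: the failure above
milter_socket_check postfix  wheel 755           # milterdkim_uid="postfix": the listing above
```

The same check applies to the Dovecot side: /var/spool/postfix/private/auth is created 0660 postfix:postfix by the socket listen block in dovecot.conf, which is exactly what smtpd needs to reach dovecot-auth.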
