compat5x-i386-5.4.0.8_9 A convenience package to install the compat5x libraries
cvsup-without-gui-16.1h_4 File distribution system optimized for CVS (non-GUI version
db41-4.1.25_4 The Berkeley DB package, revision 4.1
dkim-milter-2.7.2 Domainkeys Identified Mail (DKIM) milter
dovecot-1.1.7 Secure and compact IMAP and POP3 servers
libiconv-1.11_1 A character set conversion library
libspf2-1.0.4_1 Sender Rewriting Scheme 2 C Implementation
localedata-5.4 Legacy locale data for FreeBSD 6+
openldap-client-2.4.11 Open source LDAP client implementation
pcre-7.7_1 Perl Compatible Regular Expressions library
perl-5.8.8_1 Practical Extraction and Report Language
portupgrade-2.4.6,2 FreeBSD ports/packages administration and management tool s
postfix-2.4.7,1 A secure alternative to widely-used Sendmail
postfix-policyd-spf-1.0.1_3 Implements SPF for postfix, as a policy daemon
ruby-1.8.6.287,1 An object-oriented interpreted scripting language
ruby18-bdb-0.6.4 Ruby interface to Sleepycat's Berkeley DB
Dovecot と Postfix はLDAP認証をサポートするようにオプションを設定してportsからビルドする必要がある。他のportsはpkg_add -rでバイナリをインストールしたほうがよい。
/etc/rc.conf
# Turn off the base-system sendmail so that Postfix is the only MTA started at boot.
sendmail_enable="NONE"
# Start Postfix, Dovecot and the DKIM milter (dkim-filter) from rc.d.
postfix_enable="YES"
dovecot_enable="YES"
milterdkim_enable="YES"
# Run dkim-filter as the postfix user so that Postfix's smtpd is allowed to
# connect to the milter socket; with a different owner smtpd logs
# "connect to Milter service ...: Permission denied".
milterdkim_uid="postfix"
/var/db/ports/postfix/options
_OPTIONS_READ=postfix-2.4.7,1
WITH_PCRE=true
WITHOUT_SASL2=true
WITH_DOVECOT=true
WITHOUT_SASLKRB=true
WITHOUT_SASLKRB5=true
WITHOUT_SASLKMIT=true
WITH_TLS=true
WITHOUT_BDB=true
WITHOUT_MYSQL=true
WITHOUT_PGSQL=true
WITH_OPENLDAP=true
WITHOUT_CDB=true
WITHOUT_NIS=true
WITHOUT_VDA=true
WITHOUT_TEST=true
/var/db/ports/dovecot/options
_OPTIONS_READ=dovecot-1.1.7
WITH_KQUEUE=true
WITH_SSL=true
WITHOUT_IPV6=true
WITH_POP3=true
WITH_LDA=true
WITHOUT_MANAGESIEVE=true
WITHOUT_GSSAPI=true
WITHOUT_VPOPMAIL=true
WITHOUT_BDB=true
WITH_LDAP=true
WITHOUT_PGSQL=true
WITHOUT_MYSQL=true
WITHOUT_SQLITE=true
以下設定ファイル
/usr/local/etc/postfix/main.cf
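# Postfix main.cf: SMTP server that authenticates clients through Dovecot SASL,
# checks SPF through a policy daemon and signs/verifies DKIM through a milter.
# Note: main.cf has no trailing-comment syntax, so every comment is on its own line.

# --- Paths and ownership -------------------------------------------------
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix

# --- Identity and local delivery -----------------------------------------
myhostname = postfix.domain.co.jp
mydomain = domain.co.jp
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550

# --- Relay control -------------------------------------------------------
# An explicit mynetworks list takes precedence over mynetworks_style.
# Every host listed here may relay without authentication (permit_mynetworks
# below), so keep the list as narrow as the site allows.
mynetworks_style = subnet
mynetworks = 192.168.0.0/24, 127.0.0.0/8
relay_domains = $mydestination

home_mailbox = Maildir/
mail_spool_directory = /var/mail
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

# --- Debugging -----------------------------------------------------------
# Continuation lines must start with whitespace, otherwise Postfix reads them
# as separate (invalid) parameters.
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no

# --- TLS -----------------------------------------------------------------
# The private key must belong to the certificate above it and should be
# readable by root only.
smtpd_tls_cert_file = /etc/ssl/certs/server.crt
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_tls_log_level = 1
# "may" = opportunistic TLS: STARTTLS is offered but not required on port 25.
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
# Minimum cipher grade where TLS is mandatory. The "export" grade admits
# 40-bit export ciphers, so the Postfix default "medium" is used instead.
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_always_issue_session_ids = no
# A device entropy source needs the "dev:" type prefix.
tls_random_source = dev:/dev/random

# --- SASL authentication through Dovecot ----------------------------------
# smtpd_sasl_path is relative to queue_directory, i.e. the socket is
# /var/spool/postfix/private/auth.
# NOTE(review): AUTH is enabled globally while TLS is only opportunistic, so
# passwords may be sent over an unencrypted session on port 25. Consider
# adding "smtpd_tls_auth_only = yes" after confirming that every client
# authenticates over TLS.
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# --- Recipient restrictions ------------------------------------------------
# Order matters: trusted networks and authenticated users are accepted first,
# reject_unauth_destination stops open relaying, and only mail that is still
# undecided is passed to the SPF policy daemon defined in master.cf.
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_policy_service unix:private/policy
# Also advertise the non-standard "AUTH=" form for old mail clients.
broken_sasl_auth_clients = yes

# --- Size limits -----------------------------------------------------------
body_checks_size_limit = 51200
bounce_size_limit = 50000
header_size_limit = 102400
mailbox_size_limit = 102400000
message_size_limit = 15360000

# --- DKIM milter -----------------------------------------------------------
# The same dkim-filter socket handles SMTP mail and locally submitted mail.
milter_connect_macros = b j _ {daemon_name} {if_name} {if_addr}
smtpd_milters = unix:/var/run/milterdkim/dkim-filter.sock
non_smtpd_milters = unix:/var/run/milterdkim/dkim-filter.sock
# Fail open: if the milter is unreachable, mail is accepted without DKIM
# signing or verification. Watch the mail log for "connect to Milter service"
# warnings so that an outage does not go unnoticed.
milter_default_action = accept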
/usr/local/etc/postfix/master.cf
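#==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
# A line that starts with whitespace continues the service entry above it;
# the "-o" overrides below therefore have to stay indented.

# Port 25: server-to-server SMTP, governed by the settings in main.cf.
smtp inet n - n - - smtpd

# Port 587: client submission. STARTTLS is required and only SASL-authenticated
# clients are accepted.
submission inet n - n - - smtpd
    -o smtpd_enforce_tls=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# Port 465: TLS from the first byte (wrapper mode), SASL-authenticated
# clients only.
smtps inet n - n - - smtpd
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# SPF policy daemon used by check_policy_service unix:private/policy in
# main.cf. It runs as the unprivileged user "nobody".
policy unix - n n - - spawn
    user=nobody argv=/usr/local/sbin/postfix-policyd-spf

#smtp-amavis unix - - n - 2 smtp
# -o smtp_data_done_timeout=1200
# -o disable_dns_lookups=yes

# Loopback-only listener with the normal restrictions cleared and relaying
# limited to 127.0.0.0/8.
# NOTE(review): this looks like the re-injection port for the amavis filter
# that is commented out above; confirm that it is still needed. It must never
# be bound to a non-loopback address, because it skips the usual checks.
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes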
/usr/local/etc/dovecot.conf
# Dovecot 1.1 configuration: IMAP/POP3 over SSL only, passwords checked against
# LDAP, and an auth socket exported to Postfix for SMTP AUTH.

# Only the SSL-wrapped listeners are enabled; no cleartext imap/pop3 service.
protocols = imaps pop3s
# Plaintext mechanisms are allowed on non-SSL connections too.
# NOTE(review): harmless only while no cleartext protocol is listed above.
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ssl/certs/server.crt
ssl_key_file = /etc/ssl/private/dovecot.pem

mail_location = maildir:~/Maildir
mail_privileged_group = mail
verbose_proctitle = yes
# NOTE(review): 0 lets accounts whose primary group is gid 0 log in for mail;
# confirm that this is intended.
first_valid_gid = 0

protocol imap {
  imap_client_workarounds = delay-newmail netscape-eoh tb-extra-mailbox-sep
}

protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

protocol lda {
  postmaster_address = postmaster@domain.co.jp
  hostname = mail.domain.co.jp
  sendmail_path = /usr/sbin/sendmail
}

auth default {
  # LOGIN and PLAIN both carry the password unhashed, so they depend on the
  # transport (SSL/TLS) for confidentiality.
  mechanisms = login plain

  # Passwords are verified against LDAP ...
  passdb ldap {
    args = /usr/local/etc/dovecot-ldap.conf
  }

  # ... while uid, gid and home directory come from the system passwd database.
  userdb passwd {
  }

  # Auth client socket inside the Postfix queue directory; this is what
  # smtpd_sasl_path = private/auth in main.cf connects to. Mode 0660 with owner
  # and group postfix keeps other local users away from it.
  socket listen {
    client {
      path=/var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

dict {
}

plugin {
}
/usr/local/etc/dovecot-ldap.conf
# LDAP lookup settings for Dovecot's "passdb ldap".
# This file holds a bind password: keep it owned by root and unreadable by
# other users.

# LDAP server host name.
# NOTE(review): no TLS setting is visible here, so the bind password and the
# lookups presumably travel unencrypted to the directory; confirm.
hosts = ldap
# Bind DN used for the lookups.
# NOTE(review): cn=Manager looks like the directory's administrative account.
# A dedicated account that can only read what the lookups need would limit the
# damage if this file leaks.
dn = cn=Manager,dc=domain,dc=jp
# Password for the bind DN (masked by the author).
dnpass = *********
debug_level = 0
ldap_version = 3
# Subtree that is searched for user entries.
base = ou=Users,dc=domain,dc=jp
/usr/local/etc/openldap/ldap.conf
BASE dc=domain,dc=jp
URI ldap://ldap
/usr/local/etc/mail/dkim-filter.conf
# dkim-filter (dkim-milter) configuration.

# Detach and run as a daemon.
Background Yes
# Domain whose outgoing mail is signed.
Domain domain.co.jp
# Private signing key. It must be readable only by the account the filter
# runs as; the matching public key is published in DNS under the selector.
KeyFile /var/db/dkim/default.private
# File listing the hosts and networks treated as internal. Everything listed
# there gets this domain's signature, so list only hosts that are trusted to
# send as the domain.
InternalHosts /usr/local/etc/mail/dkim-filter.ilist
Selector default
# Milter socket; the same path is configured as smtpd_milters and
# non_smtpd_milters in Postfix's main.cf.
Socket local:/var/run/milterdkim/dkim-filter.sock
# Run as postfix so that Postfix's smtpd may connect to the socket.
UserID postfix
# s = sign, v = verify.
Mode sv
X-Header Yes
/usr/local/etc/mail/dkim-filter.ilist
192.168.0.0/24
127.0.0.1
/usr/local/etc/amavisd.conf
@bypass_spam_checks_maps = (1); # controls running of anti-spam code
$mydomain = 'pf.domain.co.jp'; # a convenient default for other settings
SSL証明書
/etc/ssl:
private/dovecot.pem
private/server.csr
certs/dovecot.pem
certs/server.crt
/var/db/dkim:
-r--r--r-- 1 root wheel 306 Sep 9 21:56 default.txt
-rw------- 1 postfix mail 891 Sep 9 21:56 default.private
drwxr-xr-x 2 root wheel 512 Jan 7 09:40 ./
/var/run/dovecot:
-rw------- 1 root wheel 5 Jan 7 10:01 master.pid
drwxr-x--- 2 root dovecot 512 Jan 7 10:01 login/
srwxrwxrwx 1 root wheel 0 Jan 7 10:01 dict-server=
srw------- 1 root wheel 0 Jan 7 10:01 auth-worker.1059=
drwxr-xr-x 3 root wheel 512 Jan 7 10:01 ./
/var/run/milterdkim:
-rw-r--r-- 1 postfix wheel 4 Jan 7 09:40 pid
srwxr-xr-x 1 postfix wheel 0 Jan 7 09:40 dkim-filter.sock=
drwxr-xr-x 2 postfix wheel 512 Jan 7 09:40 ./
PostfixとDovecotが正常に起動したときの /var/log/maillog
Jan 7 00:48:54 postfix dovecot: Dovecot v1.1.7 starting up
Jan 7 00:49:01 postfix postfix/postfix-script[2959]: starting the Postfix mail system
Jan 7 00:49:01 postfix postfix/master[2960]: daemon started -- version 2.4.7, configuration /usr/local/etc/postfix
576 ?? Is 0:00.05 /usr/local/libexec/dkim-filter -l -u postfix -P /var/run/milterdkim/pid -x /usr/local/etc/mail/dkim-filter.conf
2899 ?? Ss 0:00.01 /usr/local/sbin/dovecot -c /usr/local/etc/dovecot.conf
2900 ?? S 0:00.02 dovecot-auth
2901 ?? I 0:00.01 pop3-login
2902 ?? I 0:00.02 pop3-login
2903 ?? I 0:00.02 pop3-login
2904 ?? I 0:00.01 imap-login
2905 ?? I 0:00.01 imap-login
2906 ?? I 0:00.02 imap-login
2960 ?? Is 0:00.03 /usr/local/libexec/postfix/master
2961 ?? I 0:00.01 pickup -l -t fifo -u
2962 ?? I 0:00.01 qmgr -l -t fifo -u
dkim-milterの実行ユーザ(デフォルトではmailnull)がpostfixになっていないとソケットに書き込み権限がなく,以下のエラーが発生する。
Jan 7 07:34:54 postfix postfix/smtpd[5656]: warning: connect to Milter service unix:/var/run/milterdkim/dkim-filter.sock: Permission denied
対処法: /etc/rc.conf に 以下の一行を追記する。
milterdkim_uid="postfix"