If at all possible, obtain the certificate Postfix will use before installing it.
After installation there is a step where the configuration file is edited, and that is where the certificate is plugged in.
This guide is based on a free "Let's Encrypt" certificate. The certificate must cover the name that mail clients and other mail servers connect to, which below is the MX target mail.encicle.com (the same name is later set as myhostname).
1. Service foundation (DNS records)
o. DNS MX record
MacPro:~ $ dig encicle.com mx
; <<>> DiG 9.10.6 <<>> encicle.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1724
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;encicle.com. IN MX
;; ANSWER SECTION:
encicle.com. 300 IN MX 10 mail.encicle.com.
;; Query time: 7 msec
;; SERVER: 203.248.252.2#53(203.248.252.2)
;; WHEN: Wed Nov 17 10:45:31 KST 2021
;; MSG SIZE rcvd: 61
o. SPF record
MacPro:~$ dig encicle.com txt
; <<>> DiG 9.10.6 <<>> encicle.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16937
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;encicle.com. IN TXT
;; ANSWER SECTION:
encicle.com. 300 IN TXT "v=spf1 mx mx:mail.encicle.com -all"
;; Query time: 9 msec
;; SERVER: 203.248.252.2#53(203.248.252.2)
;; WHEN: Wed Nov 17 10:46:47 KST 2021
;; MSG SIZE rcvd: 87
o. PTR (reverse DNS) record
MacPro:~$ dig -x 52.145.33.173
; <<>> DiG 9.10.6 <<>> -x 52.145.33.173
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48436
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;171.30.141.52.in-addr.arpa. IN PTR
;; ANSWER SECTION:
171.30.141.52.in-addr.arpa. 10 IN PTR mail.encicle.com.
;; Query time: 40 msec
;; SERVER: 203.248.252.2#53(203.248.252.2)
;; WHEN: Wed Nov 17 10:48:31 KST 2021
;; MSG SIZE rcvd: 82
These three records are the most basic prerequisites for running a mail service: MX tells other servers where to deliver mail for the domain, SPF tells them which hosts may send mail claiming to be from the domain, and the PTR record lets a receiving server confirm that the connecting address belongs to the hostname it announces.
Set them up if at all possible. Note that the SPF record ends in -all, so every host that sends mail for the domain must be covered by the mx terms; mail from any other address will fail SPF. The PTR name should be the host Postfix announces in its banner (myhostname), and that name should resolve back to the same address (forward-confirmed reverse DNS), because many receivers refuse or downgrade mail when it does not.
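As an added example (not part of the original post), the following Python script evaluates the three records the way a receiving mail server would, against a constructed, offline DNS snapshot that mirrors the MX, SPF and PTR answers above. The A record for mail.encicle.com and the sender address 52.145.33.173 are assumptions taken from the dig -x command line, not values shown in the answers; the SPF include/redirect mechanisms are not implemented because the record on this page does not use them.

```python
import ipaddress

# Constructed DNS snapshot (not a live lookup). MX, TXT and PTR mirror the dig answers
# above (TXT quotes removed); the A record and the address 52.145.33.173 are assumptions.
DNS = {
    ("encicle.com", "MX"): ["10 mail.encicle.com."],
    ("encicle.com", "TXT"): ["v=spf1 mx mx:mail.encicle.com -all"],
    ("mail.encicle.com", "A"): ["52.145.33.173"],
    ("173.33.145.52.in-addr.arpa", "PTR"): ["mail.encicle.com."],
}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Records for name/type; names are case-insensitive and a trailing dot is ignored."""
    return [r.rstrip(".") for r in DNS.get((name.lower().rstrip("."), rtype), [])]


def mx_hosts(domain):
    """Target hostnames of the domain's MX records (preference values dropped)."""
    return [rr.split()[1] for rr in lookup(domain, "MX")]


def spf_check(domain, sender_ip):
    """Evaluate the SPF record of `domain` for a connection from `sender_ip`.

    Handles the mechanisms used on this page (all, mx, mx:host, a, a:host, ip4:cidr)
    with the +/-/~/? qualifiers. include, redirect, exists and ptr yield permerror.
    """
    ip = ipaddress.ip_address(sender_ip)
    records = [t for t in lookup(domain, "TXT") if t.lower().startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:            # RFC 7208: more than one SPF record is a permanent error
        return "permerror"
    for term in records[0].split()[1:]:
        qual = "+"
        if term[0] in QUALIFIER:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIER[qual]
        if mech == "ip4":
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIER[qual]
        elif mech in ("a", "mx"):
            hosts = [arg or domain] if mech == "a" else mx_hosts(arg or domain)
            if any(str(ip) in lookup(h, "A") for h in hosts):
                return QUALIFIER[qual]
        else:
            return "permerror"
    return "neutral"                # no 'all' term: the record says nothing about other hosts


def fcrdns(sender_ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the same address."""
    ip = ipaddress.ip_address(sender_ip)
    return any(str(ip) in lookup(n, "A") for n in lookup(ip.reverse_pointer, "PTR"))


def mail_dns_report(domain, sender_ip):
    """Summarise what a receiver learns about `sender_ip` sending mail as `domain`."""
    ptr_names = lookup(ipaddress.ip_address(sender_ip).reverse_pointer, "PTR")
    return {
        "mx": mx_hosts(domain),
        "spf": spf_check(domain, sender_ip),
        "ptr": ptr_names,
        "fcrdns": fcrdns(sender_ip),
        "ptr_is_mx": any(n in mx_hosts(domain) for n in ptr_names),
    }


if __name__ == "__main__":
    print(mail_dns_report("encicle.com", "52.145.33.173"))  # the MX host itself
    print(mail_dns_report("encicle.com", "198.51.100.7"))   # an unrelated address, no PTR
```

The first call reports spf pass and fcrdns True; the second reports spf fail (the record ends in -all) and no PTR, which is what a receiver would see from a spoofed sender. Replace the DNS dictionary with real lookups (for example via dnspython) to check a live domain.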
2. Installing Postfix
o. Installing the postfix package
$ sudo apt install postfix
Choose "Internet Site" so that mail can be sent to and received from the Internet directly.
When asked for the "System mail name", enter the domain to use for email (encicle.com here); the installer writes it to /etc/mailname and seeds main.cf from it.
o. /etc/postfix/main.cf settings
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# SASL authentication settings (Dovecot is the SASL backend, reached over the private/auth socket)
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
# no = AUTH is also accepted before STARTTLS, i.e. passwords may cross port 25 in clear text; yes is the safer setting
smtpd_tls_auth_only = no
smtpd_sasl_local_domain = $mydomain
TLS certificate settings: the Ubuntu package ships with a self-signed "snakeoil" certificate, which is replaced here with the Let's Encrypt files (copied to /etc/ssl/conf in this setup; keep privkey.pem readable only by root)
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
to
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/conf/fullchain.pem
smtpd_tls_key_file=/etc/ssl/conf/privkey.pem
smtpd_tls_security_level=may
Relay settings: myhostname / mydomain, and who may relay. permit_mynetworks and permit_sasl_authenticated admit local and authenticated clients; reject_unauth_destination refuses everything else that is not addressed to one of our own domains, which is what keeps the server from being an open relay.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = homemachine
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, encicle.com, homemachine, localhost.localdomain, localhost
to
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
myhostname = mail.encicle.com
mydomain = encicle.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, $mydomain, localhost
Mailbox location: Maildir format under each user's home directory (Dovecot must be pointed at the same location)
home_mailbox = Maildir/
Final configuration file
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = no
smtpd_sasl_local_domain = $mydomain
smtpd_tls_cert_file=/etc/ssl/conf/fullchain.pem
smtpd_tls_key_file=/etc/ssl/conf/privkey.pem
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
myhostname = mail.encicle.com
mydomain = encicle.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $myhostname, $mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
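As an added example, not code from the original page, here is a small Python lint for main.cf. It parses the file with Postfix's own rules (comment lines, whitespace-led continuation lines, last definition wins) and flags the settings a reviewer looks for first: an open relay, AUTH accepted before STARTTLS, the snakeoil certificate left in place, TLS switched off, a key file that is really the certificate, and a mynetworks entry that trusts everybody. It is run against the final configuration above (abbreviated to the parameters the lint reads plus a few for context), against a hardened variant that differs only in smtpd_tls_auth_only = yes, and against a constructed open-relay configuration; the fallback values are Postfix's documented parameter defaults.

```python
import ipaddress
import re

# Postfix's documented defaults for the parameters checked below (used when a file omits them).
DEFAULTS = {
    "smtpd_relay_restrictions": "permit_mynetworks permit_sasl_authenticated defer_unauth_destination",
    "smtpd_sasl_auth_enable": "no", "smtpd_tls_auth_only": "no",
    "smtpd_tls_security_level": "", "smtpd_tls_cert_file": "", "smtpd_tls_key_file": "",
    "mynetworks": "",
}


def parse_main_cf(text):
    """Parse main.cf: 'name = value', '#' comment lines, lines starting with whitespace continue
    the previous value, and a later definition of a name replaces an earlier one (as postconf does)."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params


def expand(params, value):
    """Expand $name and ${name} references against the parsed parameters (one level)."""
    return re.sub(r"\$\{?(\w+)\}?", lambda m: params.get(m.group(1), ""), value)


def lint(text):
    """Return a list of findings for a main.cf text; an empty list means nothing was flagged."""
    params = parse_main_cf(text)

    def value(name):
        return expand(params, params.get(name, DEFAULTS.get(name, "")))

    findings = []
    relay = set(re.split(r"[,\s]+", value("smtpd_relay_restrictions")))
    if not relay & {"reject_unauth_destination", "defer_unauth_destination"}:
        findings.append("open relay: smtpd_relay_restrictions never blocks unauthorized destinations")
    if value("smtpd_sasl_auth_enable") == "yes" and value("smtpd_tls_auth_only") != "yes":
        findings.append("AUTH allowed before STARTTLS: set smtpd_tls_auth_only = yes "
                        "or enable SASL only on the submission/smtps services")
    if "snakeoil" in value("smtpd_tls_cert_file"):
        findings.append("self-signed snakeoil certificate still configured")
    if value("smtpd_tls_security_level") in ("", "none"):
        findings.append("inbound TLS disabled (smtpd_tls_security_level is empty/none)")
    cert, key = value("smtpd_tls_cert_file"), value("smtpd_tls_key_file")
    if cert and cert == key:
        findings.append("smtpd_tls_key_file is the certificate file; valid only if that file also "
                        "holds the private key (Let's Encrypt fullchain.pem does not)")
    for entry in value("mynetworks").split():
        try:   # Postfix writes IPv6 networks as [addr]/len
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue   # hostnames and table lookups are not checked here
        if net.prefixlen == 0:
            findings.append(f"mynetworks entry {entry} trusts every client")
    return findings


# The final main.cf from this page, abbreviated to the parameters the lint reads.
PAGE_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_tls_auth_only = no
smtpd_tls_cert_file=/etc/ssl/conf/fullchain.pem
smtpd_tls_key_file=/etc/ssl/conf/privkey.pem
smtpd_tls_security_level=may
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
myhostname = mail.encicle.com
mydomain = encicle.com
myorigin = $mydomain
mydestination = $myhostname, $mydomain, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
inet_protocols = ipv4
home_mailbox = Maildir/
"""

# Same file with the one change that closes the clear-text AUTH gap on port 25.
HARDENED_MAIN_CF = PAGE_MAIN_CF.replace("smtpd_tls_auth_only = no", "smtpd_tls_auth_only = yes")

# Constructed counter-example: a relay list that ends in permit (do not use).
OPEN_RELAY_MAIN_CF = PAGE_MAIN_CF.replace(
    "permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination",
    "permit_mynetworks,permit_sasl_authenticated,permit")

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_MAIN_CF), ("hardened", HARDENED_MAIN_CF),
                       ("open relay", OPEN_RELAY_MAIN_CF)):
        print(label + ":", lint(cfg) or "no findings")
```

Run against the page's file the only finding is the clear-text AUTH one; the hardened variant is clean. To lint a live server rather than a file, feed it `postconf -n` output, which already has continuation lines joined and the last definition applied.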
o. /etc/postfix/master.cf settings
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
pickup unix n - y 60 1 pickup
Because Dovecot was chosen as the SASL backend, sending and receiving mail cannot be tested until Dovecot has been configured accordingly.
If Postfix is started with the settings above before that is done, it reports an error, because the Dovecot socket named by smtpd_sasl_path (private/auth under the Postfix queue directory) does not exist yet.
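Once Dovecot is up, the listeners defined in master.cf can be checked from the outside. The following Python probe is an added example, not code from the original page: using the standard-library smtplib it verifies that port 25 does not advertise AUTH in clear text and refuses to relay for a foreign domain, that port 587 requires STARTTLS before AUTH, and that port 465 accepts an implicit-TLS session. The host, user and password are placeholders for your own values; the probe_* functions need a reachable server, while auth_plain_token, audit_features and relay_attempt_blocked are pure helpers that run anywhere.

```python
import base64
import smtplib
import ssl

PROBE_HELO = "probe.invalid"   # placeholder HELO name; the .invalid TLD never resolves


def auth_plain_token(user, password):
    """SASL PLAIN initial response: NUL authzid(empty) NUL authcid NUL password, base64-encoded.
    This is exactly what crosses the wire, which is why AUTH must only happen under TLS."""
    return base64.b64encode(b"\0" + user.encode() + b"\0" + password.encode()).decode()


def audit_features(features, tls_active):
    """Judge an EHLO feature set (the keys of smtplib's esmtp_features) for the given TLS state."""
    findings = []
    if not tls_active:
        if "auth" in features:
            findings.append("AUTH offered before STARTTLS (password would cross the wire in clear text)")
        if "starttls" not in features:
            findings.append("STARTTLS not offered")
    return findings


def relay_attempt_blocked(code):
    """A server that is not an open relay answers RCPT TO for a foreign domain with 4xx or 5xx."""
    return code >= 400


def probe_port25(host, foreign_rcpt="probe@example.net"):
    """Plain-text MX session: AUTH must not be advertised and relaying must be refused."""
    with smtplib.SMTP(host, 25, timeout=10) as s:
        s.ehlo(PROBE_HELO)
        findings = audit_features(s.esmtp_features, tls_active=False)
        s.mail("probe@" + PROBE_HELO)
        code, _ = s.rcpt(foreign_rcpt)   # reject_unauth_destination answers 454 "Relay access denied"
        if not relay_attempt_blocked(code):
            findings.append(f"open relay: RCPT TO {foreign_rcpt} accepted with {code}")
        s.rset()
    return findings


def probe_submission(host, user, password, port=587):
    """Submission: STARTTLS first (certificate checked against the system CA store), then AUTH."""
    ctx = ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo(PROBE_HELO)
        findings = audit_features(s.esmtp_features, tls_active=False)
        s.starttls(context=ctx)
        s.ehlo(PROBE_HELO)               # features must be re-read after STARTTLS
        if "auth" not in s.esmtp_features:
            findings.append("AUTH not offered after STARTTLS on submission")
        else:
            s.login(user, password)      # raises SMTPAuthenticationError if Dovecot rejects
    return findings


def probe_smtps(host, user, password, port=465):
    """smtps: implicit TLS from the first byte (smtpd_tls_wrappermode=yes), so no STARTTLS step."""
    ctx = ssl.create_default_context()
    with smtplib.SMTP_SSL(host, port, context=ctx, timeout=10) as s:
        s.ehlo(PROBE_HELO)
        s.login(user, password)
        return audit_features(s.esmtp_features, tls_active=True)


if __name__ == "__main__":
    host, user, password = "mail.encicle.com", "user", "secret"   # placeholders
    for port, result in (("25", probe_port25(host)),
                         ("587", probe_submission(host, user, password)),
                         ("465", probe_smtps(host, user, password))):
        print(port, result or "ok")
```

With the main.cf shown on this page (smtpd_tls_auth_only = no and SASL enabled globally) probe_port25 reports the clear-text AUTH finding; with smtpd_tls_auth_only = yes it reports nothing. On 587, smtpd_tls_security_level=encrypt makes Postfix hide AUTH until STARTTLS has completed, so the pre-STARTTLS audit there should also be clean.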
Below is the diff of the final changes.
root@homemachine:/etc# diff -Naur org.postfix postfix
diff -Naur org.postfix/main.cf postfix/main.cf
--- org.postfix/main.cf 2021-11-17 16:00:42.590511018 +0900
+++ postfix/main.cf 2021-11-17 16:06:16.665416299 +0900
@@ -22,10 +22,24 @@
compatibility_level = 2
+smtpd_sasl_auth_enable = yes
+broken_sasl_auth_clients = yes
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_tls_security_options = noanonymous
+smtpd_tls_auth_only = no
+
+smtpd_sasl_local_domain = $mydomain
+
+
# TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_cert_file=/etc/ssl/conf/fullchain.pem
+smtpd_tls_key_file=/etc/ssl/conf/privkey.pem
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
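Review bot: `+smtpd_tls_auth_only = no` together with the global `+smtpd_sasl_auth_enable = yes` makes smtpd announce AUTH on port 25 before STARTTLS, so a client can send its password in clear text; set `smtpd_tls_auth_only = yes` here, or drop the global `smtpd_sasl_auth_enable = yes` and rely on the per-service `-o smtpd_sasl_auth_enable=yes` that master.cf already sets for submission and smtps. `+broken_sasl_auth_clients = yes` only exists for very old Outlook/Exchange clients that send `AUTH=` instead of `AUTH`; it is harmless but unnecessary. Keeping the commented-out snakeoil lines as a record of the original is fine.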
@@ -33,14 +47,18 @@
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myhostname = ubuntu-server
+#smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
+myhostname = mail.encicle.com
+mydomain = encicle.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
-mydestination = $myhostname, ubuntu-server, localhost.localdomain, , localhost
+myorigin = $mydomain
+mydestination = $myhostname, $mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
-inet_protocols = all
+inet_protocols = ipv4
+home_mailbox = Maildir/
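Review bot: the `mydestination` rewrite drops the empty `, ,` entry and the stale `ubuntu-server` name, and `reject_unauth_destination` now answers unauthorized relay attempts with a permanent 5xx instead of the 4xx that `defer_unauth_destination` gives (both prevent relaying; reject just stops legitimate senders from retrying for days). Two things to verify after applying: if the Debian-generated `myorigin = /etc/mailname` line is still present earlier in the file, the new `+myorigin = $mydomain` overrides it because Postfix takes the last definition (`postconf myorigin` shows which one wins); and `+home_mailbox = Maildir/` only works end to end if Dovecot is pointed at the same location (`mail_location = maildir:~/Maildir`).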
diff -Naur org.postfix/master.cf postfix/master.cf
--- org.postfix/master.cf 2021-11-17 16:00:38.670398052 +0900
+++ postfix/master.cf 2021-11-17 16:06:16.689417085 +0900
@@ -9,15 +9,16 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
-smtp inet n - y - - smtpd
+#smtp inet n - y - - smtpd
+smtp inet n - n - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
-#submission inet n - y - - smtpd
-# -o syslog_name=postfix/submission
-# -o smtpd_tls_security_level=encrypt
-# -o smtpd_sasl_auth_enable=yes
+submission inet n - n - - smtpd
+ -o syslog_name=postfix/submission
+ -o smtpd_tls_security_level=encrypt
+ -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
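Review bot: switching the chroot column from `y` to `n` on the `smtp` and `submission` lines is not needed for Dovecot SASL: a relative `smtpd_sasl_path = private/auth` is resolved under the Postfix queue directory for chrooted and non-chrooted smtpd alike, so the default chrooted setting can stay, and running smtpd outside the chroot removes a containment layer from the one daemon that talks to anonymous clients. For the submission service also consider uncommenting `-o smtpd_relay_restrictions=permit_sasl_authenticated,reject` so port 587 rejects anything that is not an authenticated client; `-o smtpd_tls_security_level=encrypt` already hides AUTH until STARTTLS has completed, so the commented `smtpd_tls_auth_only=yes` is redundant there.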
@@ -26,10 +27,10 @@
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
-#smtps inet n - y - - smtpd
-# -o syslog_name=postfix/smtps
-# -o smtpd_tls_wrappermode=yes
-# -o smtpd_sasl_auth_enable=yes
+smtps inet n - n - - smtpd
+ -o syslog_name=postfix/smtps
+ -o smtpd_tls_wrappermode=yes
+ -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
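Review bot: for the `smtps` service `+ -o smtpd_tls_wrappermode=yes` already means TLS from the first byte, so no `smtpd_tls_security_level=encrypt` override is needed, but the same `smtpd_relay_restrictions=permit_sasl_authenticated,reject` override recommended for submission should be enabled here as well. The commented `$mua_client_restrictions` / `$mua_helo_restrictions` overrides refer to parameters this main.cf never defines; leaving them commented is correct, since uncommented they would expand to empty restriction lists, which is the same as the default.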