almalinux9 postfix設定

 

[root@almalinux9 /etc/postfix]# vi main.cf
----------------------------------------------------------
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
myhostname = mail1.hobby.mydns.jp

#mydomain = domain.tld
mydomain = hobby.mydns.jp

inet_interfaces = all    ←192.168.0.5とか指定するとGmailに送信できなかった
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost

#inet_protocols = all
inet_protocols = ipv4
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain

#mynetworks = 168.100.189.0/28, 127.0.0.0/8
mynetworks = 192.168.0.0/24, 127.0.0.0/8    ←既定の設定では、ここに含まれるホストは認証なしでこのサーバー経由(=Gmail経由)でメールを中継できるので、必要な範囲に絞る
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
■メールサーバーのOP25B対策(Postfix編)--------------------------------------------------------------------------------------
Gmailのメールサーバーから送信するメールはOP25Bの影響は受けないため、全ての送信メールをGmailを経由して送信するようにする。
(1)Postfix設定
[root@almalinux ~]# vi /etc/postfix/main.cf ← Postfix設定ファイル編集
以下を最終行へ追加
relayhost = [smtp.gmail.com]:587
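smtp_use_tls = yes    ← 旧形式のパラメータ(TLSが使える場合だけ暗号化する動作)。Postfix 2.3以降は smtp_tls_security_level を使い、encrypt を指定するとTLSを必須にできる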
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_mechanism_filter = plain
(2)SMTP認証情報設定
[root@almalinux ~]# echo [smtp.gmail.com]:587 Gmailアドレス:Gmailアプリパスワード※ > /etc/postfix/sasl_passwd ← SMTP認証情報設定(コマンドラインに書いたパスワードはシェルの履歴に残るので、気になる場合は vi で直接ファイルを作成する)
[root@almalinux ~]# chmod 640 /etc/postfix/sasl_passwd ← パーミッション変更(640 は所有者が読み書き、グループが読み取り可、その他は参照不可。root以外に一切参照させないなら 600 にする)
[root@almalinux ~]# postmap /etc/postfix/sasl_passwd ← SMTP認証情報のデータベース化(生成される sasl_passwd.db にもパスワードが含まれるので、同じくパーミッションを確認する)
※Gmailアプリパスワードには、Googleアカウントで「2段階認証プロセス」を有効にしたうえで、「アプリ パスワードでログインする」の手順で作成した「アプリパスワード」を指定する
-------------------------------------------------------------------------------------------------------------------------------
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
relayhost = [smtp.gmail.com]:587
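smtp_use_tls = yes    ← 旧形式のパラメータで、TLSが使える場合だけ暗号化する動作。Postfix 2.3以降は smtp_tls_security_level = encrypt としてTLSを必須にするのが望ましい
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous    ← 既定値(noplaintext, noanonymous)から noplaintext を外しているため、暗号化されていない接続でも平文の認証方式が許可される。TLSの必須化と併せて使うこと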
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_mechanism_filter = plain


#home_mailbox = Mailbox
home_mailbox = Maildir/

■TLS/SSL証明書はZeroSSLで取得し、httpd(ssl.conf)で設定済みのファイルを流用する。以下の smtpd_tls_* / smtp_tls_* は Postfix の main.cf に記述するパラメータ。------
vi /etc/httpd/conf.d/ssl.conf
------------------------------------------------------------------
#smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
# ZeroSSL #
smtpd_tls_cert_file = /etc/ssl/zerossl/certificates/hobby.mydns.jp.crt

# The full pathname of a file with the Postfix SMTP server RSA private key
# in PEM format. The private key must be accessible without a pass-phrase,
# i.e. it must not be encrypted.
#
#smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
# ZeroSSL # 秘密鍵はパスフレーズなしで置くため、ファイルのパーミッションは root のみ読み取り可にしておく
smtpd_tls_key_file = /etc/ssl/zerossl/certificates/hobby.mydns.jp.key

# Announce STARTTLS support to remote SMTP clients, but do not require that
# clients use TLS encryption (opportunistic TLS inbound).
#
smtpd_tls_security_level = may

# Directory with PEM format Certification Authority certificates that the
# Postfix SMTP client uses to verify a remote SMTP server certificate.
#
smtp_tls_CApath = /etc/pki/tls/certs

# The full pathname of a file containing CA certificates of root CAs
# trusted to sign either remote SMTP server certificates or intermediate CA
# certificates.
#
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt


設定が終わったら再起動(事前に postfix check を実行すると設定ファイルのエラーを確認できる)
systemctl restart postfix.service


Posted by 伊藤 輝樹