mail serverの移行（その51）Postfix、Dovecotの再構築

あれから色々ありました。
もうね、何を遣っていたか覚えていません……
取り敢えず、Gmailに送信できたみたいなので、此処迄の設定の覚え書きです。

postconfで現在の設定を一通り書き記しておきます。

% postconf -a
dovecot

% postconf -a

dovecot

% postconf -A

1	% postconf -A

% postconf -n
alias_database = hash:/opt/local/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /opt/local/sbin
compatibility_level = 3.9
content_filter = amavis:localhost:10024
daemon_directory = /opt/local/libexec/postfix
data_directory = /opt/local/var/lib/postfix
debug_peer_level = 1
default_privs = nobody
dns_ncache_ttl_fix_enable = yes
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
lmtp_tls_loglevel = 2
lmtp_tls_session_cache_database = btree:$data_directory/lmtp_tls_session_cache
local_transport = local:$myhostname
luser_relay = unknown_user@k-in.co.jp
mail_owner = _postfix
mail_spool_directory = /Volumes/Works/Library/mail/
mailbox_size_limit = 0
mailbox_transport = lmtp:unix:private/dovecot-lmtp
maillog_file = /opt/local/var/log/postfix/postfix_log
maillog_file_permissions = 0644
maillog_file_prefixes = /opt/local/var/log, /opt/local/var/log/postfix
mailq_path = /opt/local/bin/mailq
manpage_directory = /opt/local/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, smtp.$mydomain, imap.$mydomain
mydomain = k-in.co.jp
myhostname = mail.k-in.co.jp
mynetworks = 192.168.0.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /opt/local/bin/newaliases
postscreen_access_list = permit_mynetworks hash:/opt/local/etc/postfix/access cidr:/opt/local/etc/postfix/access_cidr cidr:/opt/local/etc/postfix/reject_cidr
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = drop
postscreen_cache_map = $data_directory/postscreen_cache_map
postscreen_denylist_action = drop
postscreen_dnsbl_action = drop
postscreen_dnsbl_allowlist_threshold = -2
postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org=127.0.0.[2..11]*2 bl.spameatingmonkey.net*2 bl.spamcop.net dnsbl.sorbs.net list.dnswl.org=127.[0..255].[0..255].0*-2, list.dnswl.org=127.[0..255].[0..255].1*-4, list.dnswl.org=127.[0..255].[0..255].[2..3]*-6
postscreen_dnsbl_threshold = 3
postscreen_greet_action = drop
postscreen_non_smtp_command_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = yes
queue_directory = /opt/local/var/spool/postfix
readme_directory = /opt/local/share/postfix/readme
receive_override_options = no_address_mappings
relay_domains =
relayhost =
sample_directory = /opt/local/share/postfix/sample
sendmail_path = /opt/local/sbin/sendmail
setgid_group = _postdrop
smtp_discard_ehlo_keywords = pipelining CRLF.CRLF
smtp_dns_support_level = dnssec
smtp_tls_loglevel = 2
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname reject_non_fqdn_helo_hostname reject_unknown_helo_hostname
smtpd_proxy_options = speed_adjust
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unverified_recipient reject_unauth_destination reject_non_fqdn_sender reject_non_fqdn_recipient reject_invalid_hostname reject_unknown_hostname reject_non_fqdn_helo_hostname reject_rhsbl_helo dbl.spamhaus.org reject_rhsbl_reverse_client dbl.spamhaus.org reject_rhsbl_sender dbl.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noactive, nodictionary
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender reject_unverified_sender
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /opt/local/etc/postfix/certs/mail_server.pem
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/opt/local/etc/postfix/virtual
virtual_gid_maps = static:510
virtual_mailbox_base = /Volumes/Works/Library/mail
virtual_mailbox_maps = hash:/opt/local/etc/postfix/virtual
virtual_minimum_uid = 500
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:510

% postconf -n

alias_database = hash:/opt/local/etc/aliases

alias_maps = hash:/etc/aliases

command_directory = /opt/local/sbin

compatibility_level = 3.9

content_filter = amavis:localhost:10024

daemon_directory = /opt/local/libexec/postfix

data_directory = /opt/local/var/lib/postfix

debug_peer_level = 1

default_privs = nobody

dns_ncache_ttl_fix_enable = yes

html_directory = no

inet_interfaces = all

inet_protocols = ipv4

lmtp_tls_loglevel = 2

lmtp_tls_session_cache_database = btree:$data_directory/lmtp_tls_session_cache

local_transport = local:$myhostname

luser_relay = unknown_user@k-in.co.jp

mail_owner = _postfix

mail_spool_directory = /Volumes/Works/Library/mail/

mailbox_size_limit = 0

mailbox_transport = lmtp:unix:private/dovecot-lmtp

maillog_file = /opt/local/var/log/postfix/postfix_log

maillog_file_permissions = 0644

maillog_file_prefixes = /opt/local/var/log, /opt/local/var/log/postfix

mailq_path = /opt/local/bin/mailq

manpage_directory = /opt/local/share/man

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, smtp.$mydomain, imap.$mydomain

mydomain = k-in.co.jp

myhostname = mail.k-in.co.jp

mynetworks = 192.168.0.0/24, 127.0.0.0/8

myorigin = $mydomain

newaliases_path = /opt/local/bin/newaliases

postscreen_access_list = permit_mynetworks hash:/opt/local/etc/postfix/access cidr:/opt/local/etc/postfix/access_cidr cidr:/opt/local/etc/postfix/reject_cidr

postscreen_bare_newline_action = enforce

postscreen_bare_newline_enable = yes

postscreen_blacklist_action = drop

postscreen_cache_map = $data_directory/postscreen_cache_map

postscreen_denylist_action = drop

postscreen_dnsbl_action = drop

postscreen_dnsbl_allowlist_threshold = -2

postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org=127.0.0.[2..11]*2 bl.spameatingmonkey.net*2 bl.spamcop.net dnsbl.sorbs.net list.dnswl.org=127.[0..255].[0..255].0*-2, list.dnswl.org=127.[0..255].[0..255].1*-4, list.dnswl.org=127.[0..255].[0..255].[2..3]*-6

postscreen_dnsbl_threshold = 3

postscreen_greet_action = drop

postscreen_non_smtp_command_action = enforce

postscreen_non_smtp_command_enable = yes

postscreen_pipelining_action = enforce

postscreen_pipelining_enable = yes

queue_directory = /opt/local/var/spool/postfix

readme_directory = /opt/local/share/postfix/readme

receive_override_options = no_address_mappings

relay_domains =

relayhost =

sample_directory = /opt/local/share/postfix/sample

sendmail_path = /opt/local/sbin/sendmail

setgid_group = _postdrop

smtp_discard_ehlo_keywords = pipelining CRLF.CRLF

smtp_dns_support_level = dnssec

smtp_tls_loglevel = 2

smtp_tls_security_level = encrypt

smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_helo_required = yes

smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname reject_non_fqdn_helo_hostname reject_unknown_helo_hostname

smtpd_proxy_options = speed_adjust

smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unverified_recipient reject_unauth_destination reject_non_fqdn_sender reject_non_fqdn_recipient reject_invalid_hostname reject_unknown_hostname reject_non_fqdn_helo_hostname reject_rhsbl_helo dbl.spamhaus.org reject_rhsbl_reverse_client dbl.spamhaus.org reject_rhsbl_sender dbl.spamhaus.org

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain = $mydomain

smtpd_sasl_path = private/auth

smtpd_sasl_security_options = noanonymous, noactive, nodictionary

smtpd_sasl_tls_security_options = noanonymous

smtpd_sasl_type = dovecot

smtpd_sender_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender reject_unverified_sender

smtpd_tls_auth_only = yes

smtpd_tls_cert_file = /opt/local/etc/postfix/certs/mail_server.pem

smtpd_tls_loglevel = 2

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

smtpd_tls_received_header = yes

smtpd_tls_security_level = may

smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache

unknown_local_recipient_reject_code = 550

virtual_alias_maps = hash:/opt/local/etc/postfix/virtual

virtual_gid_maps = static:510

virtual_mailbox_base = /Volumes/Works/Library/mail

virtual_mailbox_maps = hash:/opt/local/etc/postfix/virtual

virtual_minimum_uid = 500

virtual_transport = lmtp:unix:private/dovecot-lmtp

virtual_uid_maps = static:510

次にdoveconfの出力結果。

% doveconf -n
# 2.3.21 (47349e2482): /opt/local/etc/dovecot/dovecot.conf
# OS: Darwin 17.7.0 x86_64  hfs
# Hostname: macmini.lo.k-in.co.jp
doveconf: Error: t_readlink(/opt/local/var/run/dovecot/dovecot.conf) failed: readlink() failed: Permission denied
auth_cache_size = 1 k
auth_debug = yes
auth_debug_passwords = yes
auth_default_realm = k-in.co.jp
auth_gssapi_hostname = $ALL
auth_mechanisms = plain login
auth_realms = k-in.co.jp lo.k-in.co.jp macmini.k-in.co.jp
auth_socket_path = /opt/local/var/run/dovecot/auth-userdb
auth_username_format = %n
auth_verbose = yes
auth_verbose_passwords = yes
debug_log_path = /opt/local/var/log/dovecot/dovecot.log
dict {
  quota = mysql:/opt/local/etc/dovecot/dovecot-dict-sql.conf.ext
}
doveadm_socket_path = /opt/local/var/run/dovecot/doveadm-server
imap_id_log = *
imap_id_send = "name" * "version" *
info_log_path = /opt/local/var/log/dovecot/dovecot.log
listen = *
log_path = /opt/local/var/log/dovecot/dovecot.log
log_timestamp = "%F %T "
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_debug = yes
mail_location = maildir:/Volumes/Works/Library/mail/%u
mail_plugins = zlib
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
  separator = /
}
passdb {
  args = scheme=CRYPT /opt/local/etc/dovecot/users
  driver = passwd-file
}
plugin {
  acl = vfile:/Volumes/Works/Library/mail/global-acls:cache_secs=300
  acl_shared_dict = file:/Volumes/Works/Library/mail/shared
  mail_log_cached_only = yes
  mail_log_events = delete undelete expunge mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size from
}
postmaster_address = postmaster@macmini.k-in.co.jp
protocols = imap lmtp
service anvil {
  unix_listener anvil {
    group = vmail
    mode = 0660
  }
}
service auth-worker {
  user = root
}
service auth {
  unix_listener /opt/local/var/spool/postfix/private/auth {
    group = _postfix
    mode = 0666
    user = _postfix
  }
  unix_listener auth-userdb {
    group = 
    mode = 0777
    user = 
  }
}
service doveadm {
  inet_listener {
    port = 2525
  }
  user = vmail
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service imap {
  client_limit = 5
  process_limit = 200
  process_min_avail = 6
  service_count = 256
}
service lmtp {
  chroot = 
  client_limit = 1
  drop_priv_before_exec = no
  executable = lmtp
  extra_groups = $default_internal_group
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = lmtp
  service_count = 0
  type = 
  unix_listener /opt/local/var/spool/postfix/private/dovecot-lmtp {
    group = _postfix
    mode = 0600
    user = _postfix
  }
  user = 
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3 {
  client_limit = 5
  process_limit = 200
  service_count = 0
}
service stats {
  unix_listener stats-reader {
    group = vmail
    mode = 0666
    user = vmail
  }
  unix_listener stats-writer {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service submission-login {
  inet_listener submission {
    port = 587
  }
}
ssl = required
ssl_ca = </opt/local/etc/ssl/certs/mail.k-in.co.jp.chain.pem
ssl_cert = </opt/local/etc/ssl/certs/mail.k-in.co.jp.cert.pem
ssl_cipher_list = HIGH:!DH:!aNULL
ssl_client_ca_dir = /opt/local/etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  args = username_format=%n /opt/local/etc/dovecot/users
  default_fields = uid=vmail gid=vmail
  driver = passwd-file
  override_fields = home=/Volumes/Works/Library/mail/%n/
}
verbose_proctitle = yes
verbose_ssl = yes
protocol lmtp {
  postmaster_address = postmaster@k-in.co.jp
}
protocol pop3 {
  passdb {
    args = username_format=%u /opt/local/etc/dovecot/users
    driver = passwd-file
    name = 
  }
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

% doveconf -n

# 2.3.21 (47349e2482): /opt/local/etc/dovecot/dovecot.conf

# OS: Darwin 17.7.0 x86_64 hfs

# Hostname: macmini.lo.k-in.co.jp

doveconf: Error: t_readlink(/opt/local/var/run/dovecot/dovecot.conf) failed: readlink() failed: Permission denied

auth_cache_size = 1 k

auth_debug = yes

auth_debug_passwords = yes

auth_default_realm = k-in.co.jp

auth_gssapi_hostname = $ALL

auth_mechanisms = plain login

auth_realms = k-in.co.jp lo.k-in.co.jp macmini.k-in.co.jp

auth_socket_path = /opt/local/var/run/dovecot/auth-userdb

auth_username_format = %n

auth_verbose = yes

auth_verbose_passwords = yes

debug_log_path = /opt/local/var/log/dovecot/dovecot.log

dict {

quota = mysql:/opt/local/etc/dovecot/dovecot-dict-sql.conf.ext

}

doveadm_socket_path = /opt/local/var/run/dovecot/doveadm-server

imap_id_log = *

imap_id_send = "name" * "version" *

info_log_path = /opt/local/var/log/dovecot/dovecot.log

listen = *

log_path = /opt/local/var/log/dovecot/dovecot.log

log_timestamp = "%F %T "

login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c

mail_debug = yes

mail_location = maildir:/Volumes/Works/Library/mail/%u

mail_plugins = zlib

mail_privileged_group = mail

namespace inbox {

inbox = yes

location =

mailbox Drafts {

special_use = \Drafts

}

mailbox Junk {

special_use = \Junk

}

mailbox Sent {

special_use = \Sent

}

mailbox "Sent Messages" {

special_use = \Sent

}

mailbox Trash {

special_use = \Trash

}

prefix =

separator = /

}

passdb {

args = scheme=CRYPT /opt/local/etc/dovecot/users

driver = passwd-file

}

plugin {

acl = vfile:/Volumes/Works/Library/mail/global-acls:cache_secs=300

acl_shared_dict = file:/Volumes/Works/Library/mail/shared

mail_log_cached_only = yes

mail_log_events = delete undelete expunge mailbox_delete mailbox_rename

mail_log_fields = uid box msgid size from

}

postmaster_address = postmaster@macmini.k-in.co.jp

protocols = imap lmtp

service anvil {

unix_listener anvil {

group = vmail

mode = 0660

}

service auth-worker {

user = root

}

service auth {

unix_listener /opt/local/var/spool/postfix/private/auth {

group = _postfix

mode = 0666

user = _postfix

}

unix_listener auth-userdb {

group =

mode = 0777

user =

}

service doveadm {

inet_listener {

port = 2525

}

user = vmail

}

service imap-login {

inet_listener imap {

port = 143

}

inet_listener imaps {

port = 993

ssl = yes

}

service imap {

client_limit = 5

process_limit = 200

process_min_avail = 6

service_count = 256

}

service lmtp {

chroot =

client_limit = 1

drop_priv_before_exec = no

executable = lmtp

extra_groups = $default_internal_group

group =

idle_kill = 0

privileged_group =

process_limit = 0

process_min_avail = 0

protocol = lmtp

service_count = 0

type =

unix_listener /opt/local/var/spool/postfix/private/dovecot-lmtp {

group = _postfix

mode = 0600

user = _postfix

}

user =

}

service pop3-login {

inet_listener pop3 {

port = 0

}

inet_listener pop3s {

port = 995

ssl = yes

}

service pop3 {

client_limit = 5

process_limit = 200

service_count = 0

}

service stats {

unix_listener stats-reader {

group = vmail

mode = 0666

user = vmail

}

unix_listener stats-writer {

group = vmail

mode = 0660

user = vmail

}

service submission-login {

inet_listener submission {

port = 587

}

ssl = required

ssl_ca = </opt/local/etc/ssl/certs/mail.k-in.co.jp.chain.pem

ssl_cert = </opt/local/etc/ssl/certs/mail.k-in.co.jp.cert.pem

ssl_cipher_list = HIGH:!DH:!aNULL

ssl_client_ca_dir = /opt/local/etc/ssl/certs

ssl_dh = # hidden, use -P to show it

ssl_key = # hidden, use -P to show it

userdb {

args = username_format=%n /opt/local/etc/dovecot/users

default_fields = uid=vmail gid=vmail

driver = passwd-file

override_fields = home=/Volumes/Works/Library/mail/%n/

}

verbose_proctitle = yes

verbose_ssl = yes

protocol lmtp {

postmaster_address = postmaster@k-in.co.jp

}

protocol pop3 {

passdb {

args = username_format=%u /opt/local/etc/dovecot/users

driver = passwd-file

name =

}

未だ不安定そうです。
Macのメール.appも何だか挙動不審なので、確認作業も覚束ない。
Appleの中の人達、頑張って下さい。
草葉の蔭からお祈りしてますから。

mail serverの移行（その51）Postfix、Dovecotの再構築

関連

コメントを残すコメントをキャンセル

2025年3月
日	月	火	水	木	金	土
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31