{"id":10126,"date":"2024-12-03T18:19:58","date_gmt":"2024-12-03T09:19:58","guid":{"rendered":"https:\/\/www.k-in.co.jp\/niwakan\/?p=10126"},"modified":"2024-12-04T16:46:59","modified_gmt":"2024-12-04T07:46:59","slug":"mail-server%e3%81%ae%e7%a7%bb%e8%a1%8c%ef%bc%88%e3%81%9d%e3%81%ae46%ef%bc%89postfix%e3%80%81dovecot%e3%81%ae%e5%86%8d%e6%a7%8b%e7%af%89","status":"publish","type":"post","link":"https:\/\/www.k-in.co.jp\/niwakan\/archives\/2024\/12\/10126\/","title":{"rendered":"mail server\u306e\u79fb\u884c\uff08\u305d\u306e46\uff09Postfix\u3001Dovecot\u306e\u518d\u69cb\u7bc9"},"content":{"rendered":"

\u30ed\u30fc\u30ab\u30eb\u304b\u3089\u306e\u30e1\u30fc\u30eb\u304c\u9001\u308c\u306a\u3044\u306e\u306b\u3001\u8ff7\u60d1\u30e1\u30fc\u30eb\u306f\u3084\u3063\u3066\u6765\u308b\u3002
\n\u56f0\u3063\u305f\u3082\u306e\u3067\u3042\u308b\u3002
\n<\/p>\n

\u30ed\u30fc\u30ab\u30eb\u306f\u7d76\u5bfe\u306b\u901a\u3059\uff01\u3068\u52e2\u3044\u8fbc\u3093\u3067\u3044\u305f\u306e\u3060\u304c\u3001<\/p>\n

smtpd_helo_restrictions =\r\n    permit_mynetworks\r\n    reject_invalid_helo_hostname\r\n    reject_non_fqdn_helo_hostname\r\n    reject_unknown_helo_hostname\r\nsmtpd_helo_required = yes<\/pre>\n
smtpd_helo_restrictions\u306f\u3001\u4e0a\u306e\u6700\u7d42\u884csmtpd_helo_required = yes<\/strong>\u304c\u7121\u3044\u3068\u52d5\u304b\u306a\u3044\u306e\u3060\u305d\u3046\u3060\u3002
\n\u300ePostfix Configuration Parameters<\/a>\u300f\u3092\u4e00\u6240\u61f8\u547d\uff08Google\u5148\u751f\u304c\uff09\u7ffb\u8a33\u3057\u3066\u6c17\u304c\u4ed8\u3044\u305f\u3002\uff08\u305d\u3046\u3060\u3063\u305f\u306e\u304b\u3041\u301c\uff09<\/p>\n
\u3055\u3066\u3001\u305d\u308c\u3067\u3082openssl\u3067\u63a5\u7d9a\u3057\u305f\u7d50\u679c\u304c\u3001<\/p>\n
% openssl s_client -connect mail.k-in.co.jp:25\r\nConnecting to 192.168.0.35\r\nCONNECTED(00000005)\r\n407BD051F87F0000:error:0A00010B:SSL routines:tls_validate_record_header:wrong version number:ssl\/record\/methods\/tlsany_meth.c:81:\r\n---\r\nno peer certificate available\r\n---\r\nNo client certificate CA names sent\r\n---\r\nSSL handshake has read 5 bytes and written 333 bytes\r\nVerification: OK<\/pre>\n
\u306a\u8a33\u3067\u3001\u307e\u305f\u30cd\u30c3\u30c8\u691c\u7d22\u3067\u3059\u3002
\n\u898b\u3064\u3051\u307e\u3057\u305f\u3002\u300eSMTP fail to send email due to SSL wrong version number<\/a>\u300f\u306b\u5728\u308a\u307e\u3057\u305f\u3002
\n\u300eport 25\u3058\u3083\u306a\u304f\u3066587\u3058\u3083\u306d\uff1f\u300f\u3068\u4e91\u3046\u8fd4\u7b54\u3002
\n\u305d\u3046\u3060\u3063\u305f\u306e\u304b\u3041\u301c\uff01
\n\u4f55\u6642\u8fc4\u7d4c\u3063\u3066\u3082\u4e00\u5411\u306b\u9032\u307e\u306a\u3044\u8a33\u304c\u5224\u308a\u307e\u3057\u305f\u3002
\n\u3067\u3001\u65e9\u901f\u9063\u3063\u3066\u307f\u305f\u3002<\/p>\n
% openssl s_client -connect mail.k-in.co.jp:587\r\nConnecting to 192.168.0.35\r\nCONNECTED(00000005)\r\ndepth=2 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority\r\nverify return:1\r\ndepth=1 C=JP, ST=Tokyo, L=Shibuya-ku, O=Nijimo K.K., CN=FujiSSL SHA2 Domain Secure Site CA\r\nverify return:1\r\ndepth=0 CN=mail.k-in.co.jp\r\nverify return:1\r\n---\r\nCertificate chain\r\n 0 s:CN=mail.k-in.co.jp\r\n   i:C=JP, ST=Tokyo, L=Shibuya-ku, O=Nijimo K.K., CN=FujiSSL SHA2 Domain Secure Site CA\r\n   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256\r\n   v:NotBefore: Nov 13 00:00:00 2024 GMT; NotAfter: Dec 14 23:59:59 2025 GMT\r\n 1 s:C=JP, ST=Tokyo, L=Shibuya-ku, O=Nijimo K.K., CN=FujiSSL SHA2 Domain Secure Site CA\r\n   i:C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority\r\n   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384\r\n   v:NotBefore: May 15 00:00:00 2019 GMT; NotAfter: May 14 23:59:59 2029 GMT\r\n 2 s:C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority\r\n   i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services\r\n   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384\r\n   v:NotBefore: Mar 12 00:00:00 2019 GMT; NotAfter: Dec 31 23:59:59 2028 GMT\r\n 3 s:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services\r\n   i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services\r\n   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1\r\n   v:NotBefore: Jan  1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 2028 GMT\r\n---\r\nServer certificate\r\n-----BEGIN CERTIFICATE-----\r\nMIIGETCCBPmgAwIBAgIQCca73n8qxWSYjijRmc6W\/TANBgkqhkiG9w0BAQsFADB1\r\nMQswCQYDVQQGEwJKUDEOMAwGA1UECBMFVG9reW8xEzARBgNVBAcTClNoaWJ1eWEt\r\na3UxFDASBgNVBAoTC05pamltbyBLLksuMSswKQYDVQQDEyJGdWppU1NMIFNIQTIg\r\nRG9tYWluIFNlY3VyZSBTaXRlIENBMB4XDTI0MTExMzAwMDAwMFoXDTI1MTIxNDIz\r\nNTk1OVowGjEYMBYGA1UEAxMPbWFpbC5rLWluLmNvLmpwMIIBIjANBgkqhkiG9w0B\r\nAQEFAAOCAQ8AMIIBCgKCAQEA7mErt+xJhJxKSpwrUqF2giFN+5vM0S9sNSWqqOG1\r\nC86av+h04I9JfniVa1L3QxNEtN23ot6L90RCXikRlpV+ERo\/VOZWzW56vSHdAUUU\r\nwPwy+4A44UJmkv25wJNCjgc311s9E3TB+VSI3P3CrUjXDH4cds6Ch3HynjmSV2MX\r\nfK2co3dVueWbHVRW7KmeFMj+p8COR3SRax0hS0KMJjVk8EHcenVdv2lpSaO5+M76\r\nUiJFgUTD3JH97K8KliYOpML2H+xhpwYUFE+C3pjhe4IBPxRqGBYs8gOJKseaiXO+\r\n21H0UP2WaS76tEn2Kq79IHP6glCphRsmSNj2dY163GwdxwIDAQABo4IC9jCCAvIw\r\nHwYDVR0jBBgwFoAU5iJAT6RQqXotkzlRr7KdczbzwbAwHQYDVR0OBBYEFFnYVn30\r\nuzoNfmxAuTAOmWSXBv9CMA4GA1UdDwEB\/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G\r\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHSAEQjBAMDQGCysGAQQB\r\nsjEBAgJFMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgG\r\nBmeBDAECATCBhwYIKwYBBQUHAQEEezB5MEsGCCsGAQUFBzAChj9odHRwOi8vbmlq\r\naW1vLmNydC5zZWN0aWdvLmNvbS9GdWppU1NMU0hBMkRvbWFpblNlY3VyZVNpdGVD\r\nQS5jcnQwKgYIKwYBBQUHMAGGHmh0dHA6Ly9uaWppbW8ub2NzcC5zZWN0aWdvLmNv\r\nbTAaBgNVHREEEzARgg9tYWlsLmstaW4uY28uanAwggGABgorBgEEAdZ5AgQCBIIB\r\ncASCAWwBagB3AN3cyjSV1+EWBeeVMvrHn\/g9HFDf2wA6FBJ2Ciysu8gqAAABkyMp\r\n+zQAAAQDAEgwRgIhAPm7QNpI5fJKZcIPgV+1ZcTU5rRAJhMd\/ZO\/Mz\/pBsWVAiEA\r\n+R4Ryc39DZv1\/VzKpB3rcmEGBLg9KV\/irNuYM+Vqt8wAdgDM+w9qhXEJZf6Vm1PO\r\n6bJ8IumFXA2XjbapflTA\/kwNsAAAAZMjKfr6AAAEAwBHMEUCIQDOF2uQCPl2DloH\r\nwwYAvDjalC0tsIvJJJbGFTjn\/D\/amgIgJkwbpNbNN3WLYtw3HZmby2WMDp2vobNU\r\nYDR8SNukIn8AdwAS8U40vVNyTIQGGcOPP3oT+Oe1YoeInG0wBYTr5YYmOgAAAZMj\r\nKfrJAAAEAwBIMEYCIQCwrdwxcba4JSKMeCyd5m9ugt+7N+x6oDVbyPcr0IPkMQIh\r\nAL\/6uhLvGCWFO8Q0wypIs6HDd+JUGkrMn5zbG1aRtQjYMA0GCSqGSIb3DQEBCwUA\r\nA4IBAQApHWLWohT6Fg7JG7DCndHrIAwTwrHIkOi5OoG1Qx2WoVJwZ3kr3j3\/mT85\r\nhodkMOMrppVuCfS4ZbNGvHlEr+Ea3QYTDC61Ocqw3c4qZPFra+jMW4nALF9fIFm4\r\nX0AV5sSVh4Fx528u9BEIjsBL++6oqqx+H4p08IHiFRGaXyq998NehFYRh1vAEF3z\r\nWxoN2db1OrkDpuc0+mMp61petMx3hGZtHfUtCCk0IWPzAI5y+MtdHHP\/LeehGn28\r\n91BfhDFr5iftlyj0VIrlAIymQw62mErQXm9xr4KFd3fHtiSZm2aaVcox16DfKYGq\r\nFLSNIUk2ZnKEz\/nhAhbybbhG3781\r\n-----END CERTIFICATE-----\r\nsubject=CN=mail.k-in.co.jp\r\nissuer=C=JP, ST=Tokyo, L=Shibuya-ku, O=Nijimo K.K., CN=FujiSSL SHA2 Domain Secure Site CA\r\n---\r\nNo client certificate CA names sent\r\nPeer signing digest: SHA256\r\nPeer signature type: RSA-PSS\r\nServer Temp Key: X25519, 253 bits\r\n---\r\nSSL handshake has read 6158 bytes and written 413 bytes\r\nVerification: OK\r\n---\r\nNew, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384\r\nProtocol: TLSv1.3\r\nServer public key is 2048 bit\r\nThis TLS version forbids renegotiation.\r\nCompression: NONE\r\nExpansion: NONE\r\nNo ALPN negotiated\r\nEarly data was not sent\r\nVerify return code: 0 (ok)\r\n---\r\n---\r\nPost-Handshake New Session Ticket arrived:\r\nSSL-Session:\r\n    Protocol  : TLSv1.3\r\n    Cipher    : TLS_AES_256_GCM_SHA384\r\n    Session-ID: 27A41F2F35690D4851866C751FE4333642DCA68E779E249790F7AD884C898D5B\r\n    Session-ID-ctx: \r\n    Resumption PSK: D652AA60566D7DC762AF56717D6595FE703C1F81F948B5473668DA6C4A802EAA92F6BA7C3E7B87B75EB5E1F9289B177C\r\n    PSK identity: None\r\n    PSK identity hint: None\r\n    SRP username: None\r\n    TLS session ticket lifetime hint: 7200 (seconds)\r\n    TLS session ticket:\r\n    0000 - d2 61 e6 7a c8 a6 fa d3-e3 db 6d 47 4a f7 c2 66   .a.z......mGJ..f\r\n    0010 - 38 8f 11 7f b8 4f a9 6c-42 27 0c a5 bf d6 19 62   8....O.lB'.....b\r\n    0020 - 2e d9 91 ca d7 7a d5 08-8d 67 e6 60 5f b8 6f ab   .....z...g.`_.o.\r\n    0030 - cd b5 ee d1 f0 b9 96 49-74 49 89 8d 98 cf d3 fc   .......ItI......\r\n    0040 - 54 84 e6 9e 05 2e a3 eb-ed 1d a5 91 ca 8d 3b a5   T.............;.\r\n    0050 - ae 50 44 ae b6 86 9e 90-1e 0e c9 59 00 e9 06 fd   .PD........Y....\r\n    0060 - 8d fa e8 60 6a 83 22 19-a1 05 80 8c c3 41 02 84   ...`j.\"......A..\r\n    0070 - 66 9a 37 df 11 16 a1 ec-8d a1 ad 42 7c 2c 28 ca   f.7........B|,(.\r\n    0080 - 5e 1d da b0 f2 11 8b 4a-4b b5 84 f3 d2 d4 27 5f   ^......JK.....'_\r\n    0090 - d3 ce 62 e3 0b 85 51 b6-04 d6 3f 6d 59 fe 5b 59   ..b...Q...?mY.[Y\r\n    00a0 - 61 cd a2 1f 32 9b ba ec-a6 ed db 3e e4 42 9f 6b   a...2......>.B.k\r\n    00b0 - 88 37 5d bb 25 7c 52 52-71 74 d0 9c 29 29 7e 0e   .7].%|RRqt..))~.\r\n    00c0 - 06 8b 2d a0 72 8a 96 e4-65 60 10 9b 72 0c 84 82   ..-.r...e`..r...\r\n\r\n    Start Time: 1733211916\r\n    Timeout   : 7200 (sec)\r\n    Verify return code: 0 (ok)\r\n    Extended master secret: no\r\n    Max Early Data: 0\r\n---\r\nread R BLOCK\r\n220 mail.k-in.co.jp ESMTP Postfix\r\nEHLO macmi2.lo.k-in.co.jp\r\n250-mail.k-in.co.jp\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n250-VRFY\r\n250-ETRN\r\n250-AUTH PLAIN LOGIN\r\n250-AUTH=PLAIN LOGIN\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250-DSN\r\n250 CHUNKING\r\nquit\r\n221 2.0.0 Bye\r\nclosed<\/pre>\n
\u51fa\u6765\u3066\u5c45\u308b\u3093\u3058\u3083\u306d\uff1f
\n\u3084\u3063\u305f\u306d\u3063\uff01<\/p>\n
\u3067\u3082\u306d\u3001Mac\u306e\u30e1\u30fc\u30eb\u30a2\u30d7\u30ea\u304b\u3089\u306f\u9001\u4fe1\u51fa\u6765\u306a\u3044\u3093\u3060\u3002
\n\u4f55\u3067\u3060\u308d\u3046\uff1f<\/p>\n","protected":false},"excerpt":{"rendered":"
\u30ed\u30fc\u30ab\u30eb\u304b\u3089\u306e\u30e1\u30fc\u30eb\u304c\u9001\u308c\u306a\u3044\u306e\u306b\u3001\u8ff7\u60d1\u30e1\u30fc\u30eb\u306f\u3084\u3063\u3066\u6765\u308b\u3002 \u56f0\u3063\u305f\u3082\u306e\u3067\u3042\u308b\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[115],"tags":[177,176,164,175,148],"class_list":["post-10126","post","type-post","status-publish","format-standard","hentry","category-software","tag-dovecot","tag-mail","tag-openssl","tag-postfix","tag-server"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/posts\/10126","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/comments?post=10126"}],"version-history":[{"count":0,"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/posts\/10126\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/media?parent=10126"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/categories?post=10126"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/tags?post=10126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}