メールサーバを運用していると、メールアドレスの追加・削除などのために、どうしても管理画面が必要になります。
そこで、この記事では Postfix + Dovecot + MySQL + PostfixAdmin という構成にします。
また、PostfixAdmin を利用せずとも、同じテーブルに対して SQL を発行することで、独自の管理フォームを作成することも可能です。
もくじ
基本インストール
# Build toolchain and development headers used by the packages that follow.
# (yum prompts for confirmation; add -y to run unattended.)
yum groupinstall "Development Tools"
yum groupinstall "Base"
yum install \
  gcc gcc-c++ make wget flex \
  pcre-devel zlib-devel openssl-devel \
  libxml2 libxml2-devel libxslt libxslt-devel \
  gd-devel GeoIP-devel gperftools-devel \
  perl-ExtUtils-Embed
# Bring every installed package up to date before configuring services.
yum update
リポジトリのインストール
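# Third-party repositories: EPEL (yum-priorities, PHP extras) and Remi
# (the remi-php70 repository used for PHP 7.0 below).
#
# Fixes relative to the original steps:
#  - "epel" and "remi" are not package names; the real packages are
#    epel-release (CentOS extras) and the Remi release RPM fetched below.
#  - The Remi RPM was fetched over plain HTTP and installed with "rpm -ivh",
#    which proceeds even when the signature cannot be verified. Fetch it over
#    HTTPS, import the Remi signing key first (compare its fingerprint with
#    the one published on https://rpms.remirepo.net/ before trusting it) and
#    refuse to install if "rpm -K" rejects the package.
yum -y install epel-release
yum -y install yum-priorities

rpm --import https://rpms.remirepo.net/RPM-GPG-KEY-remi
remi_rpm=$(mktemp /tmp/remi-release.XXXXXX.rpm) || exit 1
curl -fsSLo "$remi_rpm" https://rpms.remirepo.net/enterprise/remi-release-7.rpm || exit 1
rpm -K -- "$remi_rpm" || { echo 'remi-release-7.rpm: signature check failed' >&2; exit 1; }
yum -y install -- "$remi_rpm"
rm -f -- "$remi_rpm"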
PHP関連
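# Apache + PHP 7.0 from Remi. PostfixAdmin and phpMyAdmin need php-mbstring,
# php-mysql, php-imap, php-gd, php-xml and php-pdo from this list.
#
# Removed from the original list: php-pecl-xdebug (a debugging extension
# that has no business on a mail server and adds attack surface, e.g. its
# remote-debug listener) and php-phpunit-PHPUnit (a test framework that is
# only useful on a development box).
yum install gcc httpd httpd-devel mod_ssl libcap-devel
yum install --enablerepo=remi-php70,epel \
  php php-cli php-devel php-common php-fpm php-pear php-opcache \
  php-mbstring php-mysql php-pdo php-xml php-gd php-gmp php-mcrypt php-imap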
; /etc/php.ini -- the two additions made for PostfixAdmin / phpMyAdmin.

[PHP]
; Let require/include resolve against the PEAR tree installed by php-pear.
include_path = ".:/usr/share/php:/usr/share/pear"

[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
; Set explicitly; PHP otherwise warns on every date() call.
;date.timezone =
date.timezone = 'Asia/Tokyo'
MySQLのインストール
mysql-communityの登録
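# Register the MySQL community yum repository.
#
# The original fetched the release RPM over plain HTTP and never imported the
# MySQL signing key, so nothing verified it. Use HTTPS, import the key (Oracle
# rotates it; the current key file name is listed on repo.mysql.com) and let
# "rpm -K" reject an unsigned or tampered package before installing it.
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql
mysql_rpm=$(mktemp /tmp/mysql-release.XXXXXX.rpm) || exit 1
curl -fsSLo "$mysql_rpm" https://repo.mysql.com/mysql-community-release-el7.rpm || exit 1
rpm -K -- "$mysql_rpm" || { echo 'mysql-community-release-el7.rpm: signature check failed' >&2; exit 1; }
yum install -- "$mysql_rpm"
rm -f -- "$mysql_rpm"

# Check which MySQL series the repo file enables: 5.6 and 5.7 differ in the
# SQL needed to set the root password in the next step.
yum repolist enabled | grep -i mysql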
インストール
# MySQL server, client, headers and utilities from the community repository.
yum install mysql mysql-devel mysql-server mysql-utilities mysql-community-common

# Start the server at boot and right now.
systemctl enable mysqld
systemctl start mysqld
rootパスワード設定
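# Set the MySQL root password and drop the anonymous accounts.
#
# Notes on the original statements:
#  - "UPDATE mysql.user SET Password=PASSWORD(...)" only works on MySQL 5.6
#    and older; 5.7 renamed the column to authentication_string. SET PASSWORD
#    works on 5.6 and 5.7; on 8.0 use
#    "ALTER USER 'root'@'localhost' IDENTIFIED BY '...'" instead.
#  - On 5.7 the server generates a temporary root password at first start
#    ("grep 'temporary password' /var/log/mysqld.log"); "mysql -u root" with
#    no password then fails and you need -p with that value.
#  - Feeding the statements on stdin keeps the password out of
#    ~/.mysql_history; typing them at the mysql> prompt does not.
#  - mysql_secure_installation does all of this interactively and also
#    removes remote root login and the "test" database; prefer it if you do
#    not need to script the step.
mysql -u root <<'SQL'
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('パスワード');
DELETE FROM mysql.user WHERE User = '';
FLUSH PRIVILEGES;
SQL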
postfixユーザ設定
# Dedicated MySQL account and schema for Postfix / Dovecot / PostfixAdmin.
# PostfixAdmin's setup.php creates the tables, so this account needs full
# rights on the postfix schema. Postfix, Dovecot and Cyrus SASL only ever
# SELECT from it: a hardened setup gives them a second account limited to
# "GRANT SELECT ON postfix.*" and keeps this one for PostfixAdmin alone.
# (mysql -p still prompts for the root password on the terminal.)
mysql -u root -p <<'SQL'
CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'postfixのパスワード';
CREATE DATABASE postfix CHARACTER SET utf8;
GRANT ALL ON postfix.* TO 'postfix'@'localhost';
SQL
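# Postfix must have MySQL map support for the mysql: lookup tables used
# below. The original only eyeballed the output of "postconf -m" (which on
# the author's box listed btree, cidr, ..., mysql, ...); this makes the
# check fail loudly instead.
postconf -m | grep -qx mysql || {
  echo 'postfix: no mysql map support ("postconf -m" does not list mysql)' >&2
  exit 1
}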
# Mail stack. Packages already present (mysql-server, httpd, php*) are
# simply skipped by yum, so the overlap with earlier steps is harmless.
yum install --enablerepo=remi-php70,epel \
  postfix dovecot dovecot-mysql \
  cyrus-sasl-sql cyrus-sasl-devel cyrus-sasl-plain \
  mysql-server httpd mod_ssl \
  php php-mbstring php-imap php-mysql
# Keep a pristine copy of main.cf for diffing later (-p preserves mode/owner).
cp -p -- /etc/postfix/main.cf /etc/postfix/main.cf.org
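# /etc/postfix/main.cf -- settings changed from the stock file.
# Postfix does not support comments inside a multi-line value, so keep "#"
# lines out of the middle of smtpd_client_restrictions below.

myhostname = example.net
#mydomain = domain.tld
mydomain = example.net
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
# Every domain is a virtual domain served from MySQL, so the local
# destination list is empty (stock value left commented for reference).
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydestination =
mynetworks = 127.0.0.0/8
home_mailbox = Maildir/
# The SMTP greeting must start with the hostname (postconf(5), smtpd_banner);
# "ESMTP unknown" in the original breaks that, and the default banner
# reveals no version anyway.
smtpd_banner = $myhostname ESMTP

### appended at the end of the file
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
# Relay only for our own networks and authenticated users.
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
# Only needed for very old Outlook Express clients; harmless otherwise.
broken_sasl_auth_clients = yes
# DNSBL checks. The original also queried relays.ordb.org and all.rbl.jp:
# ORDB shut down in 2006 and later answered every lookup as "listed", which
# rejects all inbound mail; all.rbl.jp also appears defunct. Check that a
# list still answers (and is not a wildcard) before querying it -- a dead
# list delays or blocks every message. sbl-xbl.spamhaus.org is superseded
# by zen.spamhaus.org.
smtpd_client_restrictions =
    permit_mynetworks,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org
# NOTE: at this point SMTP AUTH is offered on port 25 over plaintext. Once
# the TLS section further down is in place, add "smtpd_tls_auth_only = yes"
# so credentials are only accepted inside STARTTLS.

### clamav (left disabled, as in the original)
#smtpd_milters = unix:/var/run/clamav/clamav-milter.sock
#non_smtpd_milters = unix:/var/run/clamav/clamav-milter.sock
#milter_default_action = accept

### Postfix admin settings
local_transport = local
virtual_transport = virtual
# Maildirs live under here as "<domain>/<user>/" (the mailbox.maildir column);
# Dovecot's mail_location must agree with this layout.
virtual_mailbox_base = /home/mailuser
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# This is Postfix's default value for virtual_alias_domains; kept as-is.
virtual_alias_domains = $virtual_alias_maps
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
# All virtual mail is owned by the mailuser account (uid/gid 5000).
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000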
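# Postfix MySQL lookup tables for the PostfixAdmin schema.
#
# The original created these with vi, which leaves them mode 0644: every
# local account could then read the database password. Create them under a
# restrictive umask and hand them to root:postfix 0640 -- the Postfix
# daemons run as "postfix" and are the only readers. Replace the password
# with the one given to CREATE USER; never reuse a value printed in a blog.
umask 027

cat > /etc/postfix/mysql_virtual_alias_maps.cf <<'EOF'
user = postfix
password = Aghaoralkjogaltuskato60382postfixmaster
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
EOF

# The domain lookup now also filters on "active": in the original it did
# not, so a domain disabled in PostfixAdmin was still treated as a mailbox
# domain. %s is the full lookup key (the domain name), which is what this
# query needs (%u gives the same for a key without "@").
cat > /etc/postfix/mysql_virtual_domains_maps.cf <<'EOF'
user = postfix
password = Aghaoralkjogaltuskato60382postfixmaster
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
EOF

cat > /etc/postfix/mysql_virtual_mailbox_maps.cf <<'EOF'
user = postfix
password = Aghaoralkjogaltuskato60382postfixmaster
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username = '%s' AND active = '1'
EOF

chown root:postfix /etc/postfix/mysql_virtual_*_maps.cf
chmod 0640 /etc/postfix/mysql_virtual_*_maps.cf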
# Keep a pristine copy of master.cf for diffing later (-p preserves mode/owner).
cp -p -- /etc/postfix/master.cf /etc/postfix/master.cf.org
# /etc/postfix/master.cf -- listeners touched in this step.
# service    type  private unpriv  chroot  wakeup  maxproc command
smtp         inet  n       -       n       -       -       smtpd
# Mail submission (port 587): authenticated clients only.
submission   inet  n       -       n       -       -       smtpd
  # Still commented out here because no certificate exists yet; it is
  # switched on in the TLS step. Until then SASL credentials on 587 cross
  # the wire in the clear.
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
# Unprivileged owner of every virtual mailbox. uid/gid 5000 match
# virtual_uid_maps / virtual_gid_maps in main.cf; no login shell.
groupadd -g 5000 mailuser
useradd -u 5000 -g 5000 -d /home/mailuser -s /sbin/nologin mailuser
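# Cyrus SASL configuration for Postfix's smtpd: SMTP AUTH users are checked
# directly against the PostfixAdmin mailbox table.
#
# Two things a reviewer would flag:
#  - The "sql" auxprop plugin compares against the password column as it is
#    stored, so it only works while PostfixAdmin keeps *cleartext* passwords
#    ($CONF['encrypt'] = 'cleartext'). This file is the reason the whole
#    setup stores plaintext credentials. Pointing Postfix at Dovecot's SASL
#    (smtpd_sasl_type = dovecot) makes this file unnecessary and lets the
#    database hold salted hashes instead.
#  - The file contains the database password and vi leaves it 0644. Create
#    it root:postfix 0640 so only root and the smtpd process can read it.
cp -p -- /etc/sasl2/smtpd.conf /etc/sasl2/smtpd.conf.org

umask 027
cat > /etc/sasl2/smtpd.conf <<'EOF'
# saslauthd is not used: auxprop/sql checks passwords in-process.
#pwcheck_method: saslauthd
#mech_list: plain login
pwcheck_method: auxprop
auxprop_plugin: sql
# PLAIN/LOGIN transmit the password itself; acceptable only inside TLS.
allowplaintext: yes
mech_list: plain login
sql_engine: mysql
sql_hostnames: localhost
sql_user: postfix
sql_passwd: Aghaoralkjogaltuskato60382postfixmaster
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active = '1'
EOF
chown root:postfix /etc/sasl2/smtpd.conf
chmod 0640 /etc/sasl2/smtpd.conf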
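# /etc/httpd/conf.d/admin.conf -- HTTPS-only vhost for the admin tools.
<VirtualHost *:443>
    ServerName example.net
    DocumentRoot /home/mailuser/public_html
    ErrorLog logs/virtual-error_log
    CustomLog logs/virtual-access_log combined env=!no_log

    <Directory "/home/mailuser/public_html">
        # The stock CentOS 7 httpd.conf denies everything under "/", so access
        # must be granted here (a 403 on this vhost is the symptom of not doing
        # so). Grant it only to the networks the admins use -- the "xxx"
        # prefixes on the tool directories are obscurity, not access control.
        # 192.0.2.0/24 is a placeholder: put your admin network here.
        Require ip 127.0.0.1 192.0.2.0/24
        # No directory listings, and no .htaccess overrides: nothing deployed
        # here needs them, and "AllowOverride all" lets any writable
        # directory (e.g. templates_c) change server behaviour.
        Options -Indexes
        AllowOverride None
    </Directory>

    SSLEngine on
    # This is the self-signed certificate shipped with mod_ssl. Replace it
    # with a real one (or the mail.pem generated later) so admins are not
    # trained to click through certificate warnings on a login page.
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>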
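# Web root for the admin tools. It sits inside the mail base directory
# (/home/mailuser), so keep it minimal and non-listable.
mkdir -p /home/mailuser/public_html

# Placeholder index: answer 404 on the bare vhost so nothing hints at the
# tool directories underneath. The original used header('HTTP', true, 404):
# only the third argument set the status, while "HTTP" (no colon) was queued
# as an ordinary header line that mod_php drops and other SAPIs forward
# verbatim. http_response_code() (PHP >= 5.4) is the proper call.
cat > /home/mailuser/public_html/index.php <<'EOF'
<?php
http_response_code(404);
?>
404 not found
EOF

# 0711: traversable by the apache user, but not listable or readable as a
# directory; file contents are still served because the files are 0644.
chmod 0711 /home/mailuser
chmod 0711 /home/mailuser/public_html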
# Apache: start at boot, and reload the new admin.conf now.
systemctl enable httpd
systemctl restart httpd
https://example.net/ （admin.conf は *:443 のみを待ち受けるので、http ではなく https で確認する。404 not found が返れば OK）
phpMyAdminインストール
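# phpMyAdmin. Fixes relative to the original:
#  - 4.6.4 is long unsupported; pick a release the project still maintains
#    and set the version once, here.
#  - Verify the download: the project publishes a .sha256 (and a GPG .asc)
#    next to every archive. An unverified zip dropped into a web root is a
#    classic supply-chain foothold.
#  - "rm -rf" on a single zip is overkill; rm -f is enough.
# Remove or block the directory again once the database work is done -- an
# obscure directory name is not access control.
PMA_VERSION=4.6.4
PMA_ZIP="phpMyAdmin-${PMA_VERSION}-all-languages.zip"
cd /usr/local/src/ || exit 1
wget "https://files.phpmyadmin.net/phpMyAdmin/${PMA_VERSION}/${PMA_ZIP}" || exit 1
wget "https://files.phpmyadmin.net/phpMyAdmin/${PMA_VERSION}/${PMA_ZIP}.sha256" || exit 1
sha256sum -c -- "${PMA_ZIP}.sha256" || { echo "${PMA_ZIP}: checksum mismatch" >&2; exit 1; }
unzip -- "$PMA_ZIP"
rm -f -- "$PMA_ZIP" "${PMA_ZIP}.sha256"
mv -- "phpMyAdmin-${PMA_VERSION}-all-languages" /home/mailuser/public_html/xxxphpMyAdmin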
https://example.net/xxxphpMyAdmin/
PostfixAdmin
最新版（この記事では 3.0 系）を公式配布元からダウンロードし、配布元が公開しているチェックサムで検証したうえでサーバへアップロードする。
https://sourceforge.net/projects/postfixadmin/?source=typ_redirect
# PostfixAdmin: unpack the uploaded release into the web root under a
# non-obvious name (obscurity only; real access control lives in admin.conf)
# and keep a pristine copy of the config file for reference.
tar xzvf postfixadmin-3.0.tar.gz
mv -- postfixadmin-3.0 /home/mailuser/public_html/xxxpostfixadmin
cd /home/mailuser/public_html/xxxpostfixadmin
cp -- config.inc.php config.inc.org.php
// config.inc.php (excerpt) -- PostfixAdmin 3.0 settings changed from the
// defaults. This file carries the database password: make it root:apache
// 0640 rather than the 0644 vi leaves behind.

// setup.php refuses to run while this is false; flip it once the values
// below are filled in.
//$CONF['configured'] = false;
$CONF['configured'] = true;
//$CONF['default_language'] = 'en';
$CONF['default_language'] = 'ja';

// Database Config
//   mysql  = MySQL 3.23 and 4.0, 4.1 or 5
//   mysqli = MySQL 4.1+ or MariaDB
//   pgsql  = PostgreSQL
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'Aghaoralkjogaltuskato60382postfixmaster';
$CONF['database_name'] = 'postfix';

// SECURITY: mailbox passwords are stored unhashed. This is forced by the
// Cyrus SASL "sql" auxprop plugin used for SMTP AUTH (smtpd.conf), which can
// only compare cleartext. To store salted hashes instead: point Postfix at
// Dovecot's SASL (smtpd_sasl_type = dovecot, smtpd_sasl_path = private/auth,
// plus a "service auth { unix_listener /var/spool/postfix/private/auth }"
// block in Dovecot), change default_pass_scheme in dovecot-sql.conf.ext to
// match, and then use e.g. 'dovecot:SHA512-CRYPT' here.
//$CONF['encrypt'] = 'md5crypt';
$CONF['encrypt'] = 'cleartext';
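# Smarty compiles templates into templates_c, so the web server user must be
# able to write there -- nobody else needs to. The original's chmod 777 made
# a world-writable directory inside the web root; give it to the httpd user
# instead (CentOS httpd runs as "apache").
chown apache:apache /home/mailuser/public_html/xxxpostfixadmin/templates_c
chmod 0750 /home/mailuser/public_html/xxxpostfixadmin/templates_c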
https://example.net/xxxpostfixadmin/setup.php
ハッシュ用の平文パスワード（例）
745698kyfajl （setup.php の「Generate setup_password」に入力する平文で、次の行のハッシュはここから生成されたもの。公開された例の値は流用せず、必ず自分の値で生成し直すこと）
// config.inc.php (excerpt) -- setup password.
// The value is the "salt:hash" string setup.php prints after the plaintext
// (745698kyfajl above) is typed into its password generator. Replace both
// with your own: this pair is public, so anyone could run setup.php against
// a server that keeps it.
//$CONF['setup_password'] = 'changeme';
$CONF['setup_password'] = 'e27644ea2437ef0357a7c25f76783e53:43bcef0fb32876142a5a30a1c035631ad658c181';
https://example.net/xxxpostfixadmin/setup.php
https://example.net/xxxpostfixadmin/login.php
Dovecot設定
# Keep a pristine copy of the top-level Dovecot config (-p preserves mode/owner).
cp -p -- /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.org
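# /etc/dovecot/conf.d/10-auth.conf
# Keep Dovecot's default here. The original set this to "no", which lets
# IMAP/POP clients send PLAIN/LOGIN credentials over unencrypted 143/110
# connections. With "yes", remote clients must use STARTTLS (or 993/995)
# first; a connection whose remote IP equals the local IP is treated as
# secure, so testing from the box itself still works. Dovecot's stock
# 10-ssl.conf already enables TLS with a self-signed certificate, and the TLS
# step below replaces it with mail.pem.
disable_plaintext_auth = yes
auth_mechanisms = plain login
# Users come from the PostfixAdmin tables, not from /etc/passwd.
#!include auth-system.conf.ext
!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext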
# /etc/dovecot/conf.d/10-mail.conf
# Same layout Postfix delivers into: virtual_mailbox_base + "<domain>/<user>/".
# %d = domain part and %n = local part of the login name (user@domain); the
# trailing slash marks a Maildir. This assumes PostfixAdmin's maildir column
# is "<domain>/<user>/" (its default) -- check that first if delivery and
# IMAP disagree. NOTE: /home/mailuser also holds public_html; a dedicated
# base such as /var/vmail would keep web files and mail storage apart.
#mail_location =
mail_location = maildir:/home/mailuser/%d/%n/
# Keep a pristine copy of the listener config (-p preserves mode/owner).
cp -p -- /etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf.org
# /etc/dovecot/conf.d/10-master.conf -- login listeners.
# 143 and 110 are Dovecot's defaults; uncommenting them only makes the
# plaintext ports explicit. imaps/pop3s (993/995, ssl = yes) are left at
# their defaults and therefore keep listening as well.
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }

  # Number of connections to handle before starting a new process. Typically
  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
  # is faster. <doc/wiki/LoginProcess.txt>
  #service_count = 1

  # Number of processes to always keep waiting for more connections.
  #process_min_avail = 0

  # If you set service_count=0, you probably need to grow this.
  #vsz_limit = 64M
}

service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
  }
}
# Keep a pristine copy of the SQL auth include (-p preserves mode/owner).
cp -p -- /etc/dovecot/conf.d/auth-sql.conf.ext /etc/dovecot/conf.d/auth-sql.conf.ext.org
# /etc/dovecot/conf.d/auth-sql.conf.ext
# Both lookups read the same SQL settings file. The path is moved from the
# stock /etc/dovecot/dovecot-sql.conf.ext into conf.d/; the stock file is
# mode 0600 because it holds the database password, so give the new one the
# same mode.
passdb {
  driver = sql
  # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
  #args = /etc/dovecot/dovecot-sql.conf.ext
  args = /etc/dovecot/conf.d/dovecot-sql.conf.ext
}
userdb {
  driver = sql
  #args = /etc/dovecot/dovecot-sql.conf.ext
  args = /etc/dovecot/conf.d/dovecot-sql.conf.ext
}
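# Dovecot SQL auth: passwords and mailbox locations from the PostfixAdmin
# tables. The stock dovecot-sql.conf.ext is root-only (0600) because it
# carries the database password, but a file created with vi under conf.d/
# ends up 0644. Recreate it with the right mode; Dovecot reads passdb
# settings before dropping privileges, so 0600 root is sufficient.
umask 077
cat > /etc/dovecot/conf.d/dovecot-sql.conf.ext <<'EOF'
driver = mysql
# PLAIN matches PostfixAdmin's $CONF['encrypt'] = 'cleartext'. When the
# database is switched to hashes (e.g. SHA512-CRYPT), change this as well.
default_pass_scheme = PLAIN
connect = host=localhost dbname=postfix user=postfix password=Aghaoralkjogaltuskato60382postfixmaster
# %u is the full login name (user@domain), which is what PostfixAdmin stores
# in mailbox.username. home/uid/gid mirror Postfix's virtual_* settings.
password_query = SELECT password FROM mailbox WHERE username = '%u' AND active = '1'
user_query = SELECT concat('/home/mailuser/', maildir) as home, 5000 as uid, 5000 as gid FROM mailbox WHERE username = '%u' AND active = '1'
EOF
chown root:root /etc/dovecot/conf.d/dovecot-sql.conf.ext
chmod 0600 /etc/dovecot/conf.d/dovecot-sql.conf.ext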
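# /etc/dovecot/conf.d/20-imap.conf
# (The original listing stopped before the closing brace of this block.)
protocol imap {
  # Maximum IMAP command line length. Some clients generate very long command
  # lines with huge mailboxes, so you may need to raise this if you get
  # "Too long argument" or "IMAP command line too large" errors often.
  #imap_max_line_length = 64k

  # Maximum number of IMAP connections allowed for a user from each IP address.
  # NOTE: The username is compared case-sensitively.
  # Dovecot's default is 10. 1000 all but removes this per-user, per-IP
  # limit, which is what stops a single account or a misbehaving client from
  # tying up imap processes; raise it only as far as your largest
  # multi-device users actually need.
  #mail_max_userip_connections = 10
  mail_max_userip_connections = 1000
}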
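# Apply the configuration and enable the services at boot.
# Fixes: "systemdtl" is a typo for systemctl, so the original never enabled
# postfix at boot. saslauthd is dropped: smtpd.conf uses pwcheck_method:
# auxprop, so that daemon is never consulted and running it is just one
# more process.
systemctl enable dovecot postfix
systemctl restart dovecot postfix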
簡易TLS対応
# Self-signed certificate for Postfix and Dovecot, built by the Makefile in
# /etc/pki/tls/certs: it prompts for the DN fields, writes key and
# certificate into one file (mail.pem) and runs under umask 77, so the file
# is root-only 0600. Both daemons read their key while still root, so leave
# it that way. Answers used in this article: JP / Tokyo / Akihabara,
# CN = example.net, the rest left blank. The certificate is valid for 365
# days and clients will distrust it until they import it; a CA-issued
# certificate (e.g. Let's Encrypt) avoids both problems.
cd /etc/pki/tls/certs/ && make mail.pem
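# /etc/postfix/main.cf -- TLS block appended at the end of the file.
###TLS
# smtpd_use_tls is the pre-2.3 spelling kept only for compatibility;
# smtpd_tls_security_level = may is the current equivalent (opportunistic
# STARTTLS on 25; the submission service makes it mandatory in master.cf).
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.pem
smtpd_tls_key_file = /etc/pki/tls/certs/mail.pem
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
# Now that a certificate exists, never offer AUTH on a plaintext connection:
# clients see AUTH only after STARTTLS (applies to 25 and 587 alike).
smtpd_tls_auth_only = yes
# Refuse SSLv2/SSLv3 (POODLE); older Postfix defaults exclude only SSLv2 for
# opportunistic TLS.
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Opportunistic TLS for the mail this server sends out, too.
smtp_tls_security_level = may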
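# /etc/postfix/master.cf -- listeners after the TLS step.
# service    type  private unpriv  chroot  wakeup  maxproc command
smtp         inet  n       -       n       -       -       smtpd
# Submission (587): TLS is now mandatory. The original left
# smtpd_tls_security_level=encrypt commented out even after the certificate
# existed, so SASL logins on 587 were still accepted in the clear.
submission   inet  n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
# Implicit-TLS port 465 for clients that cannot STARTTLS. It exists only for
# authenticated senders, so it gets the same client restriction as 587.
smtps        inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628         inet  n       -       n       -       -       qmqpd
pickup       fifo  n       -       n       60      1       pickup
cleanup      unix  n       -       n       -       0       cleanup
qmgr         fifo  n       -       n       300     1       qmgr
#qmgr        fifo  n       -       n       300     1       oqmgr
# tlsmgr keeps the TLS session cache and PRNG state; needed once TLS is on.
tlsmgr       unix  -       -       n       1000?   1       tlsmgr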
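# /etc/dovecot/conf.d/10-ssl.conf
ssl = yes
# The same combined key+certificate file Postfix uses (root-only 0600; Dovecot
# reads it before dropping privileges). The leading "<" means "file contents".
#ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
#ssl_key = </etc/pki/dovecot/private/dovecot.pem
ssl_cert = </etc/pki/tls/certs/mail.pem
ssl_key = </etc/pki/tls/certs/mail.pem
# Also refuse SSLv3 (POODLE); older 2.2 builds only disable SSLv2 by default.
ssl_protocols = !SSLv2 !SSLv3
ssl_prefer_server_ciphers = yes
# With TLS in place, make sure 10-auth.conf has disable_plaintext_auth = yes
# so PLAIN/LOGIN are only accepted inside TLS.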
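# Apply the TLS configuration and enable the services at boot.
# Fixes: "systemdtl" is a typo for systemctl, so the original never enabled
# postfix at boot. saslauthd is dropped: smtpd.conf uses pwcheck_method:
# auxprop, so that daemon is never consulted and running it is just one
# more process.
systemctl enable dovecot postfix
systemctl restart dovecot postfix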