![SMTP server setup (postfix)](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F4SAu1%2FbtrDNUuob1D%2F9ivLYJsH6kK1xXp7eePrj0%2Fimg.jpg)
Step 1 for using Roundcube mail
Setting up an SMTP server with authentication
Installation environment
[daraksharavim.tistory.com]$ cat /etc/redhat-release
Rocky Linux release 8.6 (Green Obsidian)
Check whether Postfix is installed
[daraksharavim.tistory.com]$ rpm -qa | grep postfix
If it is not installed, install it
[daraksharavim.tistory.com]$ yum -y install postfix
Check the status
[daraksharavim.tistory.com]$ systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Install SASL
[daraksharavim.tistory.com]$ yum -y install cyrus-sasl cyrus-sasl-plain
SASL configuration
[daraksharavim.tistory.com]$ vi /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
Postfix configuration
$ vi /etc/postfix/main.cf
# Add below line 77
myhostname = webmail.darksharavim.com
mydomain = darksharavim.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/
# With the settings below, mynetworks is "any", so the server could be abused to send spam or as an open relay.
# The restrictions settings therefore allow only SASL-authenticated requests and reject everything else.
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_client_restrictions = permit_sasl_authenticated, reject
smtpd_relay_restrictions = permit_sasl_authenticated, reject
smtpd_recipient_restrictions = permit_auth_destination,permit_sasl_authenticated,reject
mynetworks = 0.0.0.0/0
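Why `mynetworks = 0.0.0.0/0` is only safe while no restriction list trusts it, shown as an added example (not part of the original post): a small Python model that walks the three restriction lists for an unauthenticated client mailing a remote domain. The client address, the function names and the simplified evaluation (unknown restrictions are skipped; defaults assume Postfix >= 2.10 with compatibility_level >= 1) are assumptions of this sketch.

```python
import ipaddress

# Constructed input: the relay-related lines this post adds to main.cf.
PAGE_MAIN_CF = """\
smtpd_client_restrictions = permit_sasl_authenticated, reject
smtpd_relay_restrictions = permit_sasl_authenticated, reject
smtpd_recipient_restrictions = permit_auth_destination,permit_sasl_authenticated,reject
mynetworks = 0.0.0.0/0
"""
STRANGER = ipaddress.ip_address("203.0.113.10")  # constructed client (TEST-NET-3)

# Values Postfix uses when a list is not set (assumption: Postfix >= 2.10
# with compatibility_level >= 1).
DEFAULTS = {
    "smtpd_client_restrictions": "",
    "smtpd_relay_restrictions":
        "permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination",
    "smtpd_recipient_restrictions": "",
}
REJECTS = {"reject", "defer", "reject_unauth_destination", "defer_unauth_destination"}

def parse(text):
    """Minimal main.cf reader: 'name = value' lines only, comments skipped."""
    lines = [l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def in_mynetworks(params, addr):
    for item in params.get("mynetworks", "").replace(",", " ").split():
        try:
            if addr in ipaddress.ip_network(item, strict=False):
                return True
        except ValueError:
            pass  # lookup tables and bracketed IPv6 are not evaluated here
    return False

def list_permits(params, name, addr):
    """Walk one list for an unauthenticated client mailing a remote domain."""
    for tok in params.get(name, DEFAULTS[name]).replace(",", " ").split():
        if tok == "permit" or (tok == "permit_mynetworks" and in_mynetworks(params, addr)):
            return True
        if tok in REJECTS:
            return False
        # permit_sasl_authenticated and permit_auth_destination never match this client
    return True  # end of list reached: this list raised no objection

def relays_for_stranger(text, addr=STRANGER):
    """True if every restriction list lets the unauthenticated client through."""
    params = parse(text)
    return all(list_permits(params, name, addr) for name in DEFAULTS)
```

With the post's lists the stranger is refused, but adding `permit_mynetworks` to them, or deleting the three lines so the default relay list applies, makes the same `mynetworks` value an open relay; narrowing `mynetworks` removes that dependency.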
Enable port 587
[daraksharavim.tistory.com]$ vi /etc/postfix/master.cf
# Uncomment line 17
submission inet n - n - - smtpd
Restart Postfix and check the ports
[daraksharavim.tistory.com]$ systemctl restart postfix
[daraksharavim.tistory.com]$ systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2022-06-04 17:07:18 KST; 742ms ago
Process: 19643 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
Process: 19641 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
Process: 19636 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
Process: 19634 ExecStartPre=/usr/sbin/restorecon -R /var/spool/postfix/pid/master.pid (code=exited, status=255)
Main PID: 19711 (master)
Tasks: 3 (limit: 23458)
Memory: 4.8M
CGroup: /system.slice/postfix.service
├─19711 /usr/libexec/postfix/master -w
├─19712 pickup -l -t unix -u
└─19713 qmgr -l -t unix -u
6월 04 17:07:18 darksharavim systemd[1]: Starting Postfix Mail Transport Agent...
6월 04 17:07:18 darksharavim restorecon[19634]: /usr/sbin/restorecon: lstat(/var/spool/postfix/pid/master.pid) failed: No such file or directory
6월 04 17:07:18 darksharavim postfix/master[19711]: daemon started -- version 3.5.8, configuration /etc/postfix
6월 04 17:07:18 darksharavim systemd[1]: Started Postfix Mail Transport Agent.
[daraksharavim.tistory.com]$ netstat -nl | egrep '587|25'
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp6 0 0 :::25 :::* LISTEN
tcp6 0 0 :::587 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 42566 /var/lib/sss/pipes/private/sbus-dp_implicit_files.5016
unix 2 [ ACC ] STREAM LISTENING 160125 private/scache
unix 2 [ ACC ] STREAM LISTENING 25578 /var/run/vmware/guestServicePipe
Restart the saslauthd service
[daraksharavim.tistory.com]$ systemctl restart saslauthd
[daraksharavim.tistory.com]$ systemctl status saslauthd
● saslauthd.service - SASL authentication daemon.
Loaded: loaded (/usr/lib/systemd/system/saslauthd.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2022-06-04 17:07:34 KST; 1s ago
Process: 19722 ExecStart=/usr/sbin/saslauthd -m $SOCKETDIR -a $MECH $FLAGS (code=exited, status=0/SUCCESS)
Main PID: 19723 (saslauthd)
Tasks: 5 (limit: 23458)
Memory: 1.8M
CGroup: /system.slice/saslauthd.service
├─19723 /usr/sbin/saslauthd -m /run/saslauthd -a pam
├─19724 /usr/sbin/saslauthd -m /run/saslauthd -a pam
├─19725 /usr/sbin/saslauthd -m /run/saslauthd -a pam
├─19726 /usr/sbin/saslauthd -m /run/saslauthd -a pam
└─19727 /usr/sbin/saslauthd -m /run/saslauthd -a pam
6월 04 17:07:34 darksharavim systemd[1]: Starting SASL authentication daemon....
6월 04 17:07:34 darksharavim saslauthd[19723]: : master pid is: 19723
6월 04 17:07:34 darksharavim saslauthd[19723]: : listening on socket: /run/saslauthd/mux
6월 04 17:07:34 darksharavim systemd[1]: Started SASL authentication daemon..
Authentication test
[daraksharavim.tistory.com]$ telnet localhost 587
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 webmail.darksharavim.com ESMTP Postfix
ehlo localhost
250-webmail.darksharavim.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
auth login
334 VXNlcm5hbWU6
dGVzdA==
334 UGFzc3dvcmQ6
dGVzdA==
235 2.7.0 Authentication successful
mail from:<kajin7@darksharavim.com>
250 2.1.0 Ok
rcpt to:<kajin7@darsharavim.com>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:test mail
this is test mail
.
250 2.0.0 Ok: queued as 4EA92D0056
An attempt without authentication is rejected.
[daraksharavim.tistory.com]$ telnet localhost 587
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 webmail.darksharavim.com ESMTP Postfix
ehlo localhost
250-webmail.darksharavim.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
mail from:<kajin7@darksharavim.com>
250 2.1.0 Ok
rcpt to:<kajin7@darksharavim.com>
554 5.7.1 <localhost[::1]>: Client host rejected: Access denied
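Both telnet sessions above advertise `AUTH PLAIN LOGIN` on a connection where STARTTLS was never issued, and the authenticated test completes that way. The following added example (not part of the original post) reads such a transcript and reports what is readable on the wire before TLS; the function names and the second, hardened transcript are constructed for illustration.

```python
import base64
import re

# Constructed input: lines from the authenticated telnet test in this post
# (some EHLO capability lines omitted).
PAGE_SESSION = """\
220 webmail.darksharavim.com ESMTP Postfix
ehlo localhost
250-webmail.darksharavim.com
250-STARTTLS
250-AUTH PLAIN LOGIN
250 SMTPUTF8
auth login
334 VXNlcm5hbWU6
dGVzdA==
334 UGFzc3dvcmQ6
dGVzdA==
235 2.7.0 Authentication successful
"""
# Constructed input: what a server that withholds AUTH until TLS would show.
HARDENED_SESSION = """\
220 webmail.darksharavim.com ESMTP Postfix
ehlo localhost
250-webmail.darksharavim.com
250-STARTTLS
250 SMTPUTF8
starttls
220 2.0.0 Ready to start TLS
"""
REPLY = re.compile(r"^(\d{3})[ -](.*)$")  # server replies start with a 3-digit code

def b64(text):
    return base64.b64decode(text.strip()).decode("utf-8", "replace")

def readable_before_tls(session):
    """Report what crosses the wire in the clear before any STARTTLS command."""
    report = {"auth_mechanisms": [], "credentials": {}}
    prompt = None
    for line in session.splitlines():
        reply = REPLY.match(line)
        if reply:
            code, text = reply.groups()
            if code == "250" and text.upper().startswith("AUTH "):
                report["auth_mechanisms"] = text.split()[1:]
            elif code == "334":
                prompt = b64(text).rstrip(":").lower()  # "username" / "password"
        elif line.strip().lower() == "starttls":
            break  # everything after this point is encrypted
        elif prompt:
            report["credentials"][prompt] = b64(line)
            prompt = None
    return report
```

Postfix's `smtpd_tls_auth_only = yes` makes the server neither announce nor accept SASL authentication until TLS is active, which is the behaviour the hardened transcript models.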
https://www.postfix.org/SASL_README.html
Postfix SASL Howto
Secure Email
www.checktls.com