Postfix の設定



(2019.1)

Zimbra v8.8.10 on CentOS 7 で試した;

  • zimbra-postfix-3.1.1-1zimbra8.7b1.el7.x86_64

Postfix 自体の 2018年12月現在の stable release は v3.3.2 で, v3.1系列も v3.1.10 になっている。Zimbra 同梱の v3.1.1 は、やや古い。

とはいえ, CentOS 7 に添付の Postfix は v2.10.1 (2013年) で、あまりに古い. LTS の Linux ディストリビューションの難しいところ。一度インストールするとバージョンを固定したいが、新たに入れるとすると、古すぎる。アプリケーション部分については, バージョン固定したいという気持ちの方を抑えて, rolling release に付いていったほうが、結局は望ましい。

設定ファイル

設定ファイルは /opt/zimbra/common/conf にある.

master.cf, main.cf が重要. ほかのファイルの起点になる。

Postfix 標準から, すごい弄ってる;

●●TODO: 結局、どう設定するのか、解説する。

# diff main.cf.proto main.cf
50c50
< queue_directory = /var/spool/postfix
---
> queue_directory = /opt/zimbra/data/postfix/spool
55c55
< command_directory = /usr/sbin
---
> command_directory = /opt/zimbra/common/sbin
61c61
< daemon_directory = /usr/libexec/postfix
---
> daemon_directory = /opt/zimbra/common/libexec
67c67
< data_directory = /var/lib/postfix
---
> data_directory = /opt/zimbra/data/postfix/data
544c544
< header_checks = pcre:/opt/zimbra/conf/postfix_header_checks
---
> header_checks = 
642c642
< sendmail_path =
---
> sendmail_path = /opt/zimbra/common/sbin/sendmail
647c647
< newaliases_path =
---
> newaliases_path = /opt/zimbra/common/sbin/newaliases
652c652
< mailq_path =
---
> mailq_path = /opt/zimbra/common/sbin/mailq
658c658
< setgid_group =
---
> setgid_group = postdrop
662c662
< html_directory =
---
> html_directory = no
666c666
< manpage_directory =
---
> manpage_directory = /opt/zimbra/common/share/man
671c671
< sample_directory =
---
> sample_directory = /opt/zimbra/common/conf
675,676c675,676
< readme_directory =
< inet_protocols = all
---
> readme_directory = no
> inet_protocols = ipv4
698c698
< mydestination = localhost.localdomain localhost
---
> mydestination = localhost
713,717c713
< smtpd_recipient_restrictions =
<        reject_non_fqdn_recipient,
<        permit_sasl_authenticated,
<        permit_mynetworks,
<        reject_unauth_destination
---
> smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, permit
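Review bot: The `>` side ends `smtpd_recipient_restrictions` with a bare `permit` and drops `reject_unauth_destination`, so this list on its own no longer rejects mail addressed to foreign domains. Relay control now rests entirely on `smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination`, which the 726a723,850 hunk adds. The explanation planned in the page's TODO should state that dependency, so that nobody reads the recipient list in isolation or clears the relay list. Note also that `reject_unlisted_recipient`, `reject_invalid_helo_hostname` and `reject_non_fqdn_sender` come after `permit_sasl_authenticated, permit_mynetworks`, so they are only evaluated for clients that are neither authenticated nor in `mynetworks`.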
724c720
< smtpd_tls_loglevel = 3
---
> smtpd_tls_loglevel = 1
726a723,850
> meta_directory = /opt/zimbra/common/conf
> shlib_directory = no
> postscreen_dnsbl_min_ttl = 60s
> in_flow_delay = 1s
> postscreen_dnsbl_whitelist_threshold = 0
> postscreen_command_count_limit = 20
> smtp_dns_support_level = enabled
> smtpd_sasl_security_options = noanonymous
> address_verify_positive_refresh_time = 12h
> postscreen_pipelining_ttl = 30d
> default_process_limit = 100
> smtpd_tls_ask_ccert = no
> smtpd_tls_ccert_verifydepth = 9
> smtpd_error_sleep_time = 1s
> lmtp_tls_security_level = may
> smtp_tls_CApath = 
> smtpd_reject_unlisted_sender = no
> hopcount_limit = 50
> address_verify_poll_delay = 3s
> lmtp_host_lookup = dns
> lmtp_tls_loglevel = 0
> smtpd_banner = $myhostname ESMTP $mail_name
> lmtp_tls_ciphers = export
> postscreen_greet_action = ignore
> smtp_sasl_security_options = noplaintext,noanonymous
> postscreen_blacklist_action = ignore
> smtp_tls_ciphers = export
> postscreen_pipelining_enable = no
> delay_warning_time = 0h
> bounce_queue_lifetime = 5d
> smtpd_tls_auth_only = yes
> local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
> postscreen_watchdog_timeout = 10s
> postscreen_access_list = permit_mynetworks
> mailbox_size_limit = 0
> notify_classes = resource, software
> bounce_notice_recipient = postmaster
> lmtp_tls_protocols = !SSLv2, !SSLv3
> smtp_sasl_auth_enable = no
> mynetworks = 127.0.0.0/8 [::1]/128 192.168.61.0/24
> message_size_limit = 10240000
> smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
> smtp_helo_name = $myhostname
> address_verify_poll_count = ${stress?3}${stress:5}
> maximal_queue_lifetime = 5d
> postscreen_whitelist_interfaces = static:all
> smtp_tls_loglevel = 0
> myhostname = pineapple.fruits
> smtpd_sasl_auth_enable = yes
> postscreen_dnsbl_reply_map = 
> virtual_alias_expansion_limit = 10000
> postscreen_non_smtp_command_ttl = 30d
> smtpd_client_port_logging = no
> relayhost = 
> postscreen_greet_ttl = 1d
> smtp_sasl_password_maps = 
> smtpd_tls_CAfile = 
> smtpd_tls_security_level = may
> postscreen_bare_newline_enable = no
> import_environment = 
> max_use = 100
> milter_content_timeout = 300s
> minimal_backoff_time = 300s
> postscreen_dnsbl_sites = 
> recipient_delimiter = 
> unverified_recipient_defer_code = 250
> postscreen_upstream_proxy_protocol = 
> postscreen_non_smtp_command_action = drop
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
> postscreen_dnsbl_ttl = 1h
> smtp_tls_mandatory_ciphers = medium
> smtpd_sender_login_maps = 
> lmtp_connection_cache_destinations = 
> content_filter = smtp-amavis:[127.0.0.1]:10024
> queue_run_delay = 300s
> lmtp_tls_mandatory_ciphers = medium
> smtp_generic_maps = 
> milter_connect_timeout = 30s
> milter_default_action = tempfail
> address_verify_negative_refresh_time = 10m
> lmtp_tls_exclude_ciphers = 
> smtpd_end_of_data_restrictions = 
> smtp_tls_security_level = may
> smtpd_tls_mandatory_ciphers = medium
> postscreen_non_smtp_command_enable = no
> lmtp_tls_CAfile = 
> lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
> postscreen_bare_newline_action = ignore
> postscreen_cache_retention_time = 7d
> smtpd_milters = 
> smtpd_sender_restrictions = check_sender_access regexp:/opt/zimbra/common/conf/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zimbra/common/conf/tag_as_foreign.re
> smtp_tls_protocols = !SSLv2, !SSLv3
> smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
> smtpd_tls_CApath = 
> smtpd_soft_error_limit = 10
> postscreen_dnsbl_action = ignore
> postscreen_pipelining_action = enforce
> smtp_transport_rate_delay = $default_transport_rate_delay
> smtp_fallback_relay = 
> lmtp_tls_CApath = 
> smtp_cname_overrides_servername = no
> postscreen_dnsbl_threshold = 1
> postscreen_bare_newline_ttl = 30d
> smtpd_proxy_timeout = 100s
> smtpd_tls_dh1024_param_file = /opt/zimbra/conf/dhparam.pem
> postscreen_cache_cleanup_interval = 12h
> propagate_unmatched_extensions = canonical
> smtp_sasl_mechanism_filter = 
> milter_command_timeout = 30s
> smtpd_client_auth_rate_limit = 0
> non_smtpd_milters = 
> smtpd_tls_ciphers = export
> lmdb_map_size = 16777216
> smtpd_sasl_authenticated_header = no
> smtpd_hard_error_limit = 20
> maximal_backoff_time = 4000s
> smtp_tls_CAfile = 
> smtpd_reject_unlisted_recipient = no
> smtpd_tls_protocols = !SSLv2, !SSLv3
> tls_append_default_CA = no
> smtp_tls_dane_insecure_mx_policy = dane
> smtp_tls_mandatory_protocols = 
> postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
> sender_canonical_maps = 
> smtpd_tls_received_header = no
> always_add_missing_headers = yes
> lmtp_connection_cache_time_limit = 4s
> smtpd_tls_exclude_ciphers =
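Review bot: `smtpd_tls_ciphers = export`, `smtp_tls_ciphers = export` and `lmtp_tls_ciphers = export` set the minimum cipher grade for opportunistic TLS to export-grade, and `smtpd_tls_exclude_ciphers` is empty, so weak suites stay negotiable wherever the linked OpenSSL still offers them. Raising the three to `smtpd_tls_ciphers = medium`, `smtp_tls_ciphers = medium`, `lmtp_tls_ciphers = medium` would match the `*_tls_mandatory_ciphers = medium` lines already in this hunk. Since main.cf looks generated by Zimbra, the change probably has to go through Zimbra's own configuration rather than a direct file edit. The protocol lists exclude only `!SSLv2, !SSLv3`, which leaves TLSv1 and TLSv1.1 enabled, and `smtp_tls_mandatory_protocols =` is empty, which as far as I know Postfix treats as "allow all protocols". Separately, `mynetworks` contains the whole `192.168.61.0/24`, and `permit_mynetworks` in `smtpd_relay_restrictions` lets every host in that range relay without authentication, so that range should be confirmed as intended.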