PPoossttffiixx ɥ쥹 HHoowwttoo

-------------------------------------------------------------------------------

警告

このドキュメントに書かれている送信者/受信者アドレス検証機能は流量が少ない
サイトにのみ適しています。負荷が高いとパフォーマンスが悪くなり、プロバイダに
よってはサイトがブラックリストに載せられてしまうかもしれません。詳細は以下の "制限"
を参照してください。

PPoossttffiixx ɥ쥹ڤǤ뤳

ɥ쥹ڤϥɥ쥹ǽǤ뤳Ȥ򸡾ڤޤ Postfix SMTP Ф
 (MAIL FROM) ޤϼ (RCPT TO) ɥ쥹֥åǤ褦ˤ
ǽǤ

Υƥ˥åˤϡǤʤԥɥ쥹ĥ󥯥᡼
Ȥ餫Ӥޤ

ޤΥƥ˥åϡ㤨ͭʼԥɥ쥹ƤΥꥹȤʤ
᡼ѥۥȤǡǤʤԤФ᡼֥åΤˤ
ǤˤǤʤ󥯥᡼뤬塼餺Postfix 
MAILER-DAEMON å֤ȥ꥽̵̤ˤʤƤѤߤޤ

この機能は Postfix バージョン 2.1 以降で使えます。

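このドキュメントがカバーしている内容:

  * アドレス検証の働き
  * アドレス検証の制限
  * 受信者アドレスの検証
  * 頻繁に騙られるドメインからのメールの送信者アドレスの検証
  * Eメール全ての送信者アドレスの検証
  * アドレス検証データベース
  * アドレス検証データベースの管理
  * アドレス検証プローブのルーティング制御
  * プローブルーティングを強制する例
  * プローブルーティングの強制による制限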

ɥ쥹ڤƯƯ

Ԥ⤷ϼԥɥ쥹ϡºݤˤϥ᡼餺ˤΥɥ쥹˺Ǥᤤ
MTA õ뤳ȤǸڤޤǤᤤ MTA  Postfix Ȥ⤷ޤ󤷡
⡼ MTA ⤷ޤ (SMTP )ץ֥å̾Υ᡼
Ƥޤٱ䡢Х󥹤뤳ȤϤޤ; ץ֥å
˼ΤƤޤ

    󥿡    Postfix          Postfix           ɥ쥹
     ͥå  ->   SMTP   <->             <->     
                                     ǡ١

                                    |    ^
                             ץ    
                           å    
                                    v    |

                             Postfix     Postfix
                             塼   ->  
                                         

Postfix ɥ쥹ڤͭˤʤäƤȡ̾Υ᡼Ϻǽ顢ɥ쥹
6äȤۤûԤޤöɥ쥹֤狼ȡ
֤ϥå夵 Postfix Ϥ˱ޤ

ڤ˻֤ꤹȡPostfix SMTP ФԤޤϼԥɥ쥹
450 ٱ䤷ޤ̤Υ᡼륯饤ȤϤФ餯ٱ򤪤ƺƤ
³ޤɥ쥹ڤٱ main.cf  address_verify_poll_count 
address_verify_poll_delay ѥ᡼ǽǤܺ٤ postconf(5) 
ȤƤ

ɥ쥹ڤ

  * ⡼ȥɥ쥹򸡾ڤ硢Postfixϸڤ륢ɥ쥹ФƺǤᤤ
    MTA򡢼ºݤˤΥɥ쥹˥᡼餺õޤǤᤤMTA
    Υɥ쥹դȡPostfixǽȸʤޤºݤˤ
    ǤᤤMTAԥɥ쥹ָǡץ⡼ȥɥ쥹Υ᡼
    Х󥹤뤫⤷ޤ

  * ˤõ (ץ֤ϥ᡼ʤSMTPåǤ)
    ¸ߤʤɥ쥹Фˤõȡʤ֥åꥹȤ
    ܤƤޤȤ⤢뤫⤷ޤ󡣤줬̤E᡼
    ȤǤϡȤȤȤƤ⡢ԥɥ쥹ڤ򿵽Ť˻Ȥ٤
    ȤͳΰĤǤ

  * ̾ɥ쥹ڥå̤Υ᡼Ʊƻڤ򤿤ɤޤ
     relayhost ͳƥ󥿡ͥåȤ˥᡼륵Ȥ⤢ޤ;
    Ǥϥɥ쥹ڤǤޤ󡣥᡼Υ롼ƥ󥰤񤭤ˡ
    򤪤ʤʤФʤˤ¤ϡʲ "ɥ쥹
    ץ֤Υ롼ƥ" 򻲾ȤƤ

  * ڤ륢ɥ쥹ФƺǤᤤ MTA õݤȡݤͳ
    (饤ȤεݡHELO εݡMAIL FROM εݤʤ) ˤ餺
    Postfix ǤʤȸʤޤơԤ MTA ʤ
    ޥ󤫤Υ᡼ݤ Postfix ϥ᡼ݤޤ
    褤ȤǤ

  * ǰʤ顢YAHOO Τ褦ΥȤˤ RCPT TO ޥɤФƤ
    Τʤɥ쥹ݤå줿 DATA ν
    Ԥ𤹤ΤޤPostfix ɥ쥹ڤϡΤ褦
    ȤǤƯޤ

  * ǥեȤǤϡPostfix ڥåԥɥ쥹Ȥ
    "postmaster@$myorigin" Ȥޤ Postfix SMTP Ф
    ɥ쥹Υ᡼ݤʤΤǡְפǤ

     null ɥ쥹Ѥ뤳ȤǤޤ ("address_verify_sender =")
     MAIL FROM: <> ݤ褦ʴְä꤬ʤ줿ȤǤϡ
    "postmaster@$myorigin" õ뤬null ɥ쥹Ǥϥɥ쥹
    õԤƤޤΤǡְǤϤޤס

ԥɥ쥹θ

˽Ҥ٤褦ˡԥɥ쥹ڤϡƤͭʼԥɥ쥹ΥꥹȤ
ʤ᡼졼ۥȤǤʤ԰Υ᡼֥åΤ
Ǥϥ᡼륭塼 MAILER-DAEMON åԤʤ褦
ΤΩĤǤ礦

ԥɥ쥹ڤŪñǡճʤȤϤޤ󡣼Ըڤ
ԤȡPostfix Ϥμԥɥ쥹Υ᡼ݤޤԸڤ
ȡPostfix Ϥμԥɥ쥹Υ᡼դޤ

    /etc/postfix/main.cf:
        smtpd_recipient_restrictions =
            permit_mynetworks
            reject_unauth_destination
            ...
            reject_unknown_recipient_domain
            reject_unverified_recipient
            ...

"reject_unknown_recipient_domain" ¤¸ߤʤɥᥤ󰸤Υ᡼
ݤޤ "reject_unverified_recipient" ֤Ȥǡɬפ
ڥå뤳Ȥˤ륪Сإåɤ򤱤ޤ

unverified_recipient_reject_code ѥ᡼ (ǥե 450) ˤϡ
ɥ쥹Х󥹤Ȥ狼äƤȤ Postfix ɤΤ褦˱뤫
ꤷޤPostfix ȽǤꤹΤǤС 550 Ѥ


ˤ٤ɥᥤΥ᡼ԥɥ쥹θ

٤줿E᡼ˤ褯ΥɥᥤФԥɥ쥹ڤͭ
ΤŪǤ

    /etc/postfix/main.cf:
        smtpd_sender_restrictions = hash:/etc/postfix/sender_access
        unverified_sender_reject_code = 550
        # 注意1: 以下の "キャッシュ" をよく読んでください。
        # 注意2: ここでは hash ファイルを避け、 btree を使ってください。
        address_verify_map = btree:/var/mta/verify

    /etc/postfix/sender_access:
        aol.com     reject_unverified_sender
        hotmail.com reject_unverified_sender
        bigfoot.com reject_unverified_sender
        ... etcetera ...

よく騙られる MAIL FROM ドメインのリストは
http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in にあります。

: ޤϤʤȤΥɥᥤƤФԥɥ쥹ڤͭˤΤ
褤Ǥ礦

EE᡼Ƥԥɥ쥹θ

ǰʤ顢ԥɥ쥹ڤE᡼ƤФƤϴñͭˤǤޤ -
ְ꤬äƥफΥ᡼򼺤äƤޤ⤷ޤ
ޤְ㤤ʤΥɥ쥹⤷ϥɥᥤΤФƥۥ磻ȥꥹȤ
ꤹɬפǤ礦

ԥɥ쥹ڤΥ᡼ؤαƶΤˤϡɤΥ᡼뤬֥å뤳Ȥ
ʤ뤫Τ뤿 "warn_if_reject reject_unverified_sender" ꤷޤ:

    /etc/postfix/main.cf:
        smtpd_sender_restrictions =
            permit_mynetworks
            ...
            check_sender_access hash:/etc/postfix/sender_access
            reject_unknown_sender_domain
            warn_if_reject reject_unverified_sender
            ...
        # 注意1: 以下の "キャッシュ" をよく読んでください。
        # 注意2: ここでは hash ファイルを避け、 btree を使ってください。
        address_verify_map = btree:/var/mta/verify

ºݤ˥᡼ݤϤˡɥ쥹ڷ̤Υå򽸤ƤΤ
褤Ǥ礦

sender_access ¤ˤ OK Ȥ狼äƤɥᥤ䥢ɥ쥹ۥ磻ȥꥹȤ
ꥹȥåפƤɬפޤPostfix ϸڤ˼ԤƤ⡢褤Ȥ狼ä
륢ɥ쥹ȥޡϤޤ󤬡ѿ˱ۤȤϤޤ

: securityfocus.com ʤɤΤ褦ˡ줾ƤФưۤʤ
ɥ쥹 (VERP) ȤäƤ᡼󥰥ꥹȤ򱿱ĤƤ륵Ȥۥ磻
ꥹȤ˥ꥹȥåפƤɬפǤ礦Τ褦ʥɥ쥹ϥɥ쥹
ڥå򤹤˱ɬפԸڥץ֤뤳Ȥ
ʤޤ

    /etc/postfix/sender_access
        securityfocus.com OK
        ...

"reject_unknown_sender_domain" ¤¸ߤʤɥᥤ󤫤Υ᡼֥å
ޤ "reject_unverified_sender" ֤Ȥǡɬפʥץ
å륪Сإåɤ򤱤ޤ

unverified_sender_reject_code ѥ᡼ (ǥե 450) ˤϡ
ɥ쥹Х󥹤Ȥ狼äƤȤ Postfix ɤΤ褦˱뤫
ꤷޤPostfix ȽǤꤹΤǤС 550 Ѥ


ɥ쥹ڥǡ١

: ǥեȤǤϡɥ쥹ھϱ³Ūʥեˤݴɤޤ
main.cf ǥեꤷʤФޤ (ʲ)³Ūݴɤ
ե륷ƥǻȤʾΥǥڡɬפˤʤ뤫⤷ʤᡢ
ǥեȤǤ̵ˤʤäƤޤ

ɥ쥹ھ Postfix verify ǡˤäƥå夵ޤPostfix
ˤϹŪŪʷ̤Υå椹ϢΥѥ᡼ޤ
ܺ٤ verify(8) ޥ˥奢ڡ򻲾ȤƤ

address_verify_map (: ñ) ѥ᡼ˤϥץԥɥ쥹
ڷ̤α³Ūǡ١ꤷޤեꤷʤȡɥ쥹
ھ "postfix reload" ޤ "postfix stop" θǼޤ

/var ե륷ƥ˽ʬʶСʲƤ:

    /etc/postfix/main.cf:
        # 注意: ここでは hash ファイルを避け、 btree を使ってください。
        address_verify_map = btree:/var/mta/verify

: ڡȤ̤褦ʥե륷ƥˤϤΥե֤ʤ
ɥ쥹ڥơ֥뤬ȡϽ˻ꡢΥ
Ƥ褦ˡ֤ʤưǡ׻֤ʤФޤ󡣤ޤǤ
֡SMTP ǥ᡼ʤʤޤ

verify(8) デーモンプロセスは、データベースがなければ新たに作成し、chroot
監獄に入って root 権限を落とす前にファイルをオープン/作成します。

ɥ쥹ڥǡ١δ

verify(8) ޥ˥奢ڡˤϡå夵ƻĤ󤬹ޤǤ
֤䡢"줺" ĤäƤδ¤ڤޤǤδ֤椹
ѥ᡼ҤƤޤPostfix ϡŪʷ (ɥ쥹դ
) Ūʷ (ɥ쥹ݤ) ФƤ椬ۤʤޤ

ߤϡɥ쥹ڥǡ١ġ󶡤Ƥޤ
ե뤬礭ʤꤹե뤬줿顢ưǥե͡ष
 "postfix reload" ¹Ԥ뤳ȤǤޤ뤳Ȥǡ
verify ǡץǡ١褦ˤʤޤ

ɥ쥹ڥץ֤Υ롼ƥ

ǥեȤǤϡPostfix ̾Υ᡼Ʊ롼Ȥǥɥ쥹ڥץ
åޤϤƤǤŬڤʷ̤ˤʤ뤿Ǥ
ɥ쥹ʬȤ SMTP ݡȤ³ƸڤΤϤ褤ȤǤϤޤ;
ñ͡ʥ᡼롼׷ٹƤӵǤʬΥޥ󤬺Ŭ MX ۥȤ
ʤäƤˤƱȤƤϤޤޤ: ɥᥤ󡢥Сɥᥤ
ʤɡ

᡼뤬ľܥ󥿡ͥåȤ줺 relayhost 
褦ʡʣʥե饹ȥ饯ĥȤޤPostfix ľ
⡼Ȥ˥ǤȤˤ⡼ȤΥ󥿡ͥåȥɥ쥹
ڤǤʤΤǡˤʤޤ

ΤᡢPostfix ϥɥ쥹ڥץ֥åݤΥ롼ƥ
ѥ᡼񤭤뤳ȤǤޤ

Ϥˡaddress_verify_relayhost ѥ᡼ relayhost 񤭤Ǥ
address_verify_transport_maps ѥ᡼ transport_maps 񤭤Ǥޤ

ˡɥ쥹饹ϰʲɽ˼褦ˡ줾Υɥ쥹Ǥ
å transport Ϳޤɥ쥹饹 ADDRESS_CLASS_README
եƤޤ

     _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
    |ɥᥤꥹ         |̾ ttrraannssppoorrtt | ttrraannssppoorrtt                |
    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
    |mydestination          |local_transport  |address_verify_local_transport  |
    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
    |virtual_alias_domains  |()         |()                        |
    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
    |virtual_mailbox_domains|virtual_transport|address_verify_virtual_transport|
    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
    |relay_domains          |relay_transport  |address_verify_relay_transport  |
    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
    |()               |default_transport|address_verify_default_transport|
    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |

ǥեȤǤϡɥ쥹ץ֤椹ѥ᡼̾Υ᡼
椹ѥ᡼ƱͤäƤޤ

ץ֥롼ƥ

ɥ쥹ڥץ֤ФƤ relayhost 񤭤ʳϤΤޤ
ĤƤȤΤŵŪʶڽ񤭤Ǥ:

    /etc/postfix/main.cf:
        relayhost = $mydomain
        address_verify_relayhost =
        ...

ͥåȥɥ쥹Ѵ (nat) ظˤ륵Ȥۥ̾
̤ SMTP 饤ȤȤʤФʤ⤷ޤ:

    /etc/postfix/main.cf:
        relayhost = $mydomain
        address_verify_relayhost =
        address_verify_default_transport = direct_smtp

    /etc/postfix/master.cf:
        direct_smtp .. .. .. ..  .. .. .. .. .. smtp
            -o smtp_helo_name=nat.box.tld

ץ֥롼ƥζˤ

ץ֥å̾Υ᡼Ʊƻ򤿤ɤʤ礬ǽ
ޤȤС̾Υ롼Ȥ򤿤ɤХåդ뤬
Ʊꤹץ֥å롼Ȥ줿˵ݤ뤳Ȥޤ
դ⤢ޤۤ¿Ϥޤ

