Wednesday, August 12, 2009

Notes from setting up Postfix submission on Amazon EC2

If my local PC's HDD dies I would lose these notes, so I'm writing them down on the blog.
---------------------------
■Environment
amazon ec2 m1.small
(fedora x86/32bit instance)

submission port = 587
Both TCP and UDP are needed

MTA is postfix.

■Open the submission port

/etc/postfix/master.cf
Change the commented-out line
#submission inet n - n - - smtpd
to
submission inet n - n - - smtpd


■Enable SMTP AUTH
/etc/postfix/main.cf

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
#smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes


On the AWS EC2 Fedora 8 Basic image, sasl2 seems to be installed by default....
Checking, just in case...
> # cat /usr/lib/sasl2/smtpd.conf
> pwcheck_method: saslauthd
> mech_list: plain login

Not needed:
mkdir /var/state/saslauthd
chmod 700 /var/state/saslauthd
chown postfix /var/state/saslauthd

Check which authentication mechanisms saslauthd can use.
> # /usr/sbin/saslauthd -v
> saslauthd 2.1.22
> authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap

Going with pam for now.


Start saslauthd (sasl2)
/etc/init.d/saslauthd start

Confirm it is running
> # ps ax | grep saslauthd
> 31697 ? Ss 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
> 31699 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
> 31700 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
> 31701 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
> 31702 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam

Restart postfix
/etc/init.d/postfix restart
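As an added example (not part of the original memo), here is a small Python audit that reads a master.cf and a main.cf and checks the settings the steps above put in place: the submission service is uncommented, SASL is enabled with noanonymous, and smtpd_recipient_restrictions still contains reject_unauth_destination in a position where authenticated clients are allowed to relay. It also reports one caveat the memo does not mention: the PLAIN and LOGIN mechanisms in smtpd.conf send the password in the clear unless STARTTLS is configured on the smtpd side. The two sample files are constructed from the memo's own lines; the file paths are whatever you pass on the command line.

```python
"""Audit a Postfix submission/SASL setup for the settings the steps above apply.

Added example, not part of the original memo. It only reads the two files
(paths given on the command line, e.g. /etc/postfix/master.cf and
/etc/postfix/main.cf, or copies of them); with no arguments it audits the
constructed samples below, which mirror the memo's configuration.
"""
import sys

# Constructed sample master.cf: the memo's line, with the commented copy left in.
SAMPLE_MASTER_CF = """\
smtp       inet  n       -       n       -       -       smtpd
#submission inet n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd
"""

# Constructed sample main.cf: the memo's SMTP AUTH fragment (no TLS parameters),
# with one value wrapped onto a Postfix continuation line.
SAMPLE_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
#smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
"""


def parse_main_cf(text):
    """Return {parameter: value} for main.cf-style text.

    Skips '#' comments and blank lines; a line beginning with whitespace is a
    Postfix continuation line and is appended to the previous value.
    """
    params = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params


def submission_enabled(master_cf_text):
    """True if master.cf has an uncommented 'submission inet ... smtpd' service.

    master.cf fields: service type private unpriv chroot wakeup maxproc command.
    """
    for line in master_cf_text.splitlines():
        f = line.split()
        if len(f) >= 8 and f[0] == "submission" and f[1] == "inet" and f[7] == "smtpd":
            return True
    return False


def audit(master_cf_text, main_cf_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    p = parse_main_cf(main_cf_text)

    if not submission_enabled(master_cf_text):
        findings.append("master.cf: submission service is not enabled")

    if p.get("smtpd_sasl_auth_enable", "no").lower() != "yes":
        findings.append("main.cf: smtpd_sasl_auth_enable is not 'yes'")

    # Restrictions are evaluated left to right, so order matters as much as presence.
    rules = [r.strip() for r in p.get("smtpd_recipient_restrictions", "").split(",") if r.strip()]
    if "reject_unauth_destination" not in rules:
        findings.append("main.cf: smtpd_recipient_restrictions lacks reject_unauth_destination (open relay)")
    elif "permit_sasl_authenticated" in rules and \
            rules.index("permit_sasl_authenticated") > rules.index("reject_unauth_destination"):
        findings.append("main.cf: permit_sasl_authenticated comes after reject_unauth_destination, "
                        "so authenticated users are refused when relaying")

    if "noanonymous" not in p.get("smtpd_sasl_security_options", "").replace(",", " ").split():
        findings.append("main.cf: smtpd_sasl_security_options lacks noanonymous")

    # Caveat the memo does not cover: PLAIN and LOGIN carry the password in the
    # clear unless the session is wrapped in STARTTLS, which on the smtpd side is
    # enabled by smtpd_tls_security_level (or the older smtpd_use_tls).
    if p.get("smtpd_tls_security_level", "none") == "none" and \
            p.get("smtpd_use_tls", "no").lower() != "yes":
        findings.append("main.cf: no STARTTLS configured, so SASL PLAIN/LOGIN credentials "
                        "would cross the network unencrypted")
    return findings


def main(argv):
    if len(argv) == 3:
        with open(argv[1]) as m, open(argv[2]) as c:
            master_cf, main_cf = m.read(), c.read()
    else:
        master_cf, main_cf = SAMPLE_MASTER_CF, SAMPLE_MAIN_CF
    for line in audit(master_cf, main_cf) or ["OK: submission, SASL and relay restrictions look right"]:
        print(line)


if __name__ == "__main__":
    main(sys.argv)
```

Against the memo's fragment it reports only the STARTTLS finding, because the main.cf shown above sets no TLS parameters; on a real server that does set smtpd_tls_security_level, that finding disappears and the relay-restriction checks are the ones worth keeping in a post-change checklist.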


----------------------------------
■POP server (popper) setup
dovecot.i386
dovecot-devel.i386

> # yum install dovecot.i386 dovecot-devel.i386

/etc/init.d/dovecot start


----------------------------------
■EC2 Security Groups settings
Only the mail-related entries are shown

C/Method  Protocol  FromPort  ToPort  Source
POP3      tcp       110       110     0.0.0.0/0
SMTP      tcp       25        25      0.0.0.0/0
-         tcp       587       587     0.0.0.0/0
-         udp       587       587     0.0.0.0/0

----------------------------------

■Verifying
From the host itself....
> # nmap localhost
>
>Starting Nmap 4.52 ( http://insecure.org ) at 2009-08-12 02:36 UTC
>Interesting ports on localhost.localdomain (127.0.0.1):
>Not shown: 1705 closed ports
>PORT STATE SERVICE
>22/tcp open ssh
>25/tcp open smtp
>80/tcp open http
>110/tcp open pop3
>143/tcp open imap
>587/tcp open submission
>993/tcp open imaps
>995/tcp open pop3s
>5432/tcp open postgres
>
>Nmap done: 1 IP address (1 host up) scanned in 0.155 seconds


From outside... (さーばあどれす in the output below is the author's placeholder for the server address)
>$ nmap さーばあどれす
>
>Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2009-08-12 11:54 JST
>Interesting ports on さーばあどれす:
>(The 1654 ports scanned but not shown below are in state: filtered)
>PORT STATE SERVICE
>22/tcp open ssh
>25/tcp open smtp
>80/tcp open http
>110/tcp open pop3
>587/tcp open submission
>
>Nmap run completed -- 1 IP address (1 host up) scanned in 35.845 seconds
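The nmap runs above show that 587/tcp is open, but not what the service behind it offers. As an added example (not from the original memo), the Python script below connects the way a mail client would: it sends EHLO, records whether AUTH and STARTTLS are advertised, and, when STARTTLS is offered, upgrades the session with a certificate-verifying context and sends EHLO again. Its verdict distinguishes a port with no STARTTLS (credentials would travel in the clear), AUTH advertised before encryption (which Postfix's smtpd_tls_auth_only = yes withholds), and the healthy case. The host and port are whatever you pass on the command line; the MEMO_LIKE_RESULT used when no arguments are given is a constructed result that mirrors the configuration shown in this memo (SASL on, no TLS parameters).

```python
"""Probe a submission port the way a mail client would: EHLO, look for AUTH and
STARTTLS, then EHLO again inside TLS.

Added example, not part of the original memo. Usage (host and port are yours):
    python3 probe_submission.py mail.example.com 587
With no arguments it prints the verdict for a constructed EHLO result.
"""
import smtplib
import ssl
import sys


def classify(features):
    """Summarise an EHLO feature dict as smtplib stores it (lowercase keys,
    'auth' value = space-separated mechanism names)."""
    mechs = features.get("auth", "").split()
    return {
        "auth": "auth" in features,
        "auth_mechanisms": [m.upper() for m in mechs],
        "starttls": "starttls" in features,
    }


def probe(host, port=587, timeout=10):
    """Return {'plaintext': ..., 'after_tls': ...} from classify() before and
    (if STARTTLS is offered) after upgrading the connection."""
    result = {"plaintext": None, "after_tls": None}
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        result["plaintext"] = classify(dict(s.esmtp_features))
        if result["plaintext"]["starttls"]:
            # create_default_context() verifies the server certificate and hostname;
            # a self-signed certificate will make this raise instead of continuing.
            s.starttls(context=ssl.create_default_context())
            s.ehlo()
            result["after_tls"] = classify(dict(s.esmtp_features))
    return result


def verdict(result):
    """Turn a probe() result into a list of findings."""
    plain, tls = result["plaintext"], result["after_tls"]
    findings = []
    if not plain["starttls"]:
        findings.append("no STARTTLS: any AUTH on this port sends credentials in the clear")
    elif plain["auth"]:
        findings.append("AUTH advertised before STARTTLS; smtpd_tls_auth_only = yes "
                        "would withhold it until the session is encrypted")
    if tls is not None and not tls["auth"]:
        findings.append("no AUTH after STARTTLS: clients cannot authenticate")
    if not plain["auth"] and not (tls and tls["auth"]):
        findings.append("AUTH not offered at all: SASL is not active on this port")
    return findings or ["OK: STARTTLS offered and AUTH available once encrypted"]


# Constructed result for the memo's configuration as shown (SASL on, no TLS).
MEMO_LIKE_RESULT = {
    "plaintext": {"auth": True, "auth_mechanisms": ["PLAIN", "LOGIN"], "starttls": False},
    "after_tls": None,
}


def main(argv):
    if len(argv) >= 2:
        result = probe(argv[1], int(argv[2]) if len(argv) > 2 else 587)
    else:
        result = MEMO_LIKE_RESULT
    print(result)
    for line in verdict(result):
        print(line)


if __name__ == "__main__":
    main(sys.argv)
```

Like SMTP itself, the probe uses TCP only; nothing in the mail path uses udp/587, so that security-group rule is never exercised by a client and can be dropped to keep the exposed surface to what the nmap output actually shows.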
