Rocky Linux 9에서 Postfix 메일 서버를 설치하고 설정하는 방법

Rocky Linux 9에서 Postfix 메일 서버를 설치하고 설정하는 방법

테스트 환경

$ cat /etc/redhat-release
Rocky Linux release 9.1 (Blue Onyx)

1. Postfix 설치

hostnamectl 명령어로 호스트 이름 설정

hostnamectl set-hostname pmail.sangchul.kr

/etc/hosts 파일 편집하여 호스트 이름 설정

sudo vim /etc/hosts

192.168.0.52	pmail.sangchul.kr

Postfix 패키지 설치

dnf install -y postfix

설치 중에 Postfix의 기본 설정 대화식 대화창이 나타납니다. 기본 설정을 사용하려면 "OK"를 선택하고 진행합니다.

Postfix 버전 정보

postconf -d mail_version

Postfix 서비스 시작 및 활성화

Postfix 서비스를 시작하고 부팅 시 자동으로 시작되도록 활성화합니다.

systemctl --now enable postfix

Postfix 서비스 상태 확인

systemctl status postfix

mail1

sasl 패키지 설치

yum install -y cyrus-sasl cyrus-sasl-plain

sasl 설정(smtpd.conf)

$ cat /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login

postfix 설정

postfix 파일(main.cf) 백업

cp /etc/postfix/main.cf /etc/postfix/main.cf.origin

postfix configure(/etc/postfix/main.cf) 편집

• myhostname = pmail.sangchul.kr
• mydomain = sangchul.kr
• myorigin = $mydomain
• inet_interfaces = all
• mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
• relayhost = [pmail.sangchul.kr]
• mynetworks = 127.0.0.0/8, 192.168.0.0/24
• home_mailbox = Maildir/

vim /etc/postfix/main.cf

$ cat /etc/postfix/main.cf | egrep -v '^$|^#' | grep home_mailbox
home_mailbox = Maildir/
root@pmail:~$ cat /etc/postfix/main.cf | egrep -v '^$|^#'
compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = pmail.sangchul.kr
mydomain = sangchul.kr
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8, 192.168.0.0/24
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/


debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix/samples
readme_directory = /usr/share/doc/postfix/README_FILES
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_security_level = may
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix

Postfix 서비스 재시작

systemctl restart postfix

728x90

postfix 메일 서버 보안

인증서 디렉토리 생성

mkdir -p /etc/postfix/ssl

openssl 명령어로 개인키 및 CSR 생성

openssl req -nodes -newkey rsa:2048 -keyout mail.key -out mail.csr

KR
Seoul
Gangseo-gu
sangchul Company Ltd
infrastructure team
pmail.sangchul.kr
postfix@sangchul.kr

$ openssl req -nodes -newkey rsa:2048 -keyout mail.key -out mail.csr
Generating a RSA private key
................+++++
............+++++
writing new private key to 'mail.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:Seoul
Locality Name (eg, city) [Default City]:Gangseo-gu
Organization Name (eg, company) [Default Company Ltd]:sanghcul Ltd
Organizational Unit Name (eg, section) []:infrastructure team
Common Name (eg, your name or your server's hostname) []:pmail.sangchul.kr
Email Address []:postfix@sangchul.kr

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

$ ls -l | egrep mail
-rw-r--r-- 1 root root 1086 Dec 11 05:08 mail.csr
-rw------- 1 root root 1704 Dec 11 05:06 mail.key

openssl 명령어로 CRT 생성

openssl x509 -req -days 365 -in mail.csr -signkey mail.key -out mail.crt

$ ls -l
합계 12
-rw-r--r--. 1 root root 1415  1월  6 23:30 mail.crt
-rw-r--r--. 1 root root 1102  1월  6 23:29 mail.csr
-rw-------. 1 root root 1704  1월  6 23:28 mail.key

postfix configure(/etc/postfix/main.cf) 편집

vim /etc/postfix/main.cf

• smtpd_tls_cert_file = /etc/postfix/ssl/mail.crt
• smtpd_tls_key_file = /etc/postfix/ssl/mail.key
• smtp_tls_security_level = may

$ cat /etc/postfix/main.cf | egrep -v '^$|^#' | grep smtpd
smtpd_tls_cert_file = /etc/postfix/ssl/mail.crt
smtpd_tls_key_file = /etc/postfix/ssl/mail.key
smtpd_tls_security_level = may

Postfix 서비스 재시작

systemctl restart postfix

메일 발송 테스트

Postfix를 구성하고 메일을 테스트합니다.

메일 클라이언트 계정 생성

useradd mailtest

passwd mailtest

telnet 메일 테스트

보내는 메일

- postfix 계정에서 mailtest계정으로 메일 발송 테스트

telnet localhost 25

ehlo localhost
mail from: postfix@sangchul.kr
rcpt to: mailtest@sangchul.kr
data
Hello, world!
.
quit

$ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 pmail.sangchul.kr ESMTP Postfix
ehlo localhost
250-pmail.sangchul.kr
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
mail from: postfix@sangchul.kr
250 2.1.0 Ok
rcpt to: mailtest@sangchul.kr
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Hello, world!

.
250 2.0.0 Ok: queued as 0F2B660BA8D2
quit
221 2.0.0 Bye
Connection closed by foreign host.

받는 메일

$ id
uid=1000(mailtest) gid=1000(mailtest) groups=1000(mailtest) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

$ cat /home/mailtest/Maildir/new/1673016054.Vfd00I20f6b92M595992.pmail.sangchul.kr
Return-Path: <postfix@sangchul.kr>
X-Original-To: mailtest@sangchul.kr
Delivered-To: mailtest@sangchul.kr
Received: from localhost (localhost [IPv6:::1])
	by pmail.sangchul.kr (Postfix) with ESMTP id 0F2B660BA8D2
	for <mailtest@sangchul.kr>; Fri,  6 Jan 2023 23:40:37 +0900 (KST)
Message-Id: <20230106144042.0F2B660BA8D2@pmail.sangchul.kr>
Date: Fri,  6 Jan 2023 23:40:37 +0900 (KST)
From: postfix@sangchul.kr

Hello, world!

s-nail(mailx) 메일 테스트

s-nail 패키지 설치(mailx 패키지가 s-nail 대체되었음)

yum install -y s-nail

vim /etc/s-nail.rc

set empty start
set folder=Maildir
set record=+sent

echo 'init' | s-nail -s 'init' -Snorecord user

보내는 메일(mailx)

echo "Postfix 메일 테스트입니다." | mailx -s "Postfix 메일 테스트" -r postfix@sangchul.kr mailtest@sangchul.kr

echo "Postfix mail test" | mailx -s "Postfix mail test" -r postfix@sangchul.kr mailtest@sangchul.kr

받은 편지

- 로컬 수신함(리눅스)

$ su - mailtest
마지막 로그인: 금  1월  6 23:57:03 KST 2023 일시 pts/1
mailtest@pmail:~$

$ cd /home/mailtest/Maildir/new

$ ls -l
합계 8
-rw-------. 1 mailtest mailtest 426  1월  6 23:40 1673016054.Vfd00I20f6b92M595992.pmail.sangchul.kr
-rw-------  1 mailtest mailtest 645  1월  7 00:10 1673018833.Vfd00I20f6bb1M508794.pmail.sangchul.kr

$ cat 1673018833.Vfd00I20f6bb1M508794.pmail.sangchul.kr
Return-Path: <postfix@sangchul.kr>
X-Original-To: mailtest@sangchul.kr
Delivered-To: mailtest@sangchul.kr
Received: by pmail.sangchul.kr (Postfix, from userid 0)
	id 7A10C60BA8DF; Sat,  7 Jan 2023 00:27:13 +0900 (KST)
Date: Sat, 07 Jan 2023 00:27:13 +0900
From: postfix@sangchul.kr
To: mailtest@sangchul.kr
Subject: Postfix mail test
Message-ID: <20230106152713.4sALW%postfix@sangchul.kr>
User-Agent: s-nail v14.9.22

Postfix mail test

- 외부 메일함(다음)

mail1

도커 컨테이너 실행

docker run -d -p 25:25 --privileged --name postfix centos "/sbin/init"

docker exec -it postfix bash