Ȼ/08

About RFCs

᡼륵ФäˡRFC(Request For Comment) ˤĤƵƤ.
RFC ȤϡIETF:www.ietf.org (Internet Engineering Task Force)ȤͥåȥΤΡɸಽΡפˤäɸಽ줿ʽΤȤǤ.
̤˺ȤƤͥåȥץȥϴŪˤ RFC ˽äƤΤФʤΤǡܤȤΤꤿг RFC ɤФ褤ȤȤˤʤ*1.
ʲ᡼εʤˤĤƵȤ RFC ˤĤƻ꿨ƤΤǡˤʤԤϼʬɤǤߤȤ褤*2.

What is a mail server?

᡼륵ФȰ˸äƤ⤽λŻ͡.
ԤˡŻҥ᡼뤬ɤΤ褦ãƤΤ褽ΤȤȤʬôΤäƤ.

MTA MDA, MUA

᡼ۿϤ褽žȤʳʬ.
Τ(žȸʤ)ž SMTP (= Simple Mail Transfer Protocol. RFC821 򸫤) ȤץȥˤäƹԤ졤Ū MTA()ΤŻǤ.
桼ӥƥľ뤹뤳Ȥ⤢äƼλϤĤˡꡤȤƤΤ POP (= Post Office Protocol, ver.3 = RFC1939) IMAP (= Internet Message Access Protocol, ver.4rev1 = RFC3501) Ǥ.
δطޤȤȡ

MTA = Message Transfer Agent
᡼žԤեȥ. ͹ضɤΤ褦̤.ͭ̾ʤΤϡsendmail, postfix, qmail ȤȤ. ᡼ۿμ.
MDA = Message Delivery Agent
Ϥ᡼桼ۿƯեȥ. MTA κǸʳλŻβŪ¸. ̳̾ñʤã᡼Υե륿žľΡֿݽפĤΤǤʤ˽. ͭ̾ɤ mail, procmail ʤɤǤ. ϤޤռʤƤ褤.
MUA = Mail/Message User Agent
᡼ɤ߽񤭡ФؤФϤƤ᡼äƤ롤ʤɤΥ桼ȤԤեȥ. ᡼ʤɤȤ.

ȤեȥƱΤ, ŵŪʾϰʲΤ褦˷ҤäƤ.
[Figure: mail-transfer-simple_s2.png]

(Żҥ᡼Τ褽ۿ)

äơ᡼륵ФδȤϤޤ

  • MTA δ
  • POP, IMAP Хեȥδ

ĤʬǤ뤳Ȥˤʤ롥

᡼Υƥ()

᡼žۿϴŪˡʿʸפǥͥåȥξή.
ΤᡤƼѥɤ᡼ʸƱͥåȥˤޥˤȴǤΤǡϩΰŹ沽ˤɤȤȤͤ.
ΤäȤ褯Ȥ뵻Ѥ ** over TLS/SSL Ǥ(TLS = Transport Layer Security, SSL = Secure Sockets Layer).
ϡͥåȥ̿ϩŹ沽ŪˤʤŪ˻Ȥ뵻 TLS/SSL Ѥƥ᡼Τˤ褦ȤΤǤ.

ܺ٤Ҥ٤(web ФΤȤǤñ)̿ϩˤơǧ+Ź沽׵ǽ󶡤Τ TLS/SSL ѤǤ.
SSL Netscape Communications γȯΤǤäIETF ˤɸಽȤФ TLS Ȥ RFC2246 ɸ൬ꤵ줿аޤ.
¼Ūˤ SSL ver3.0 TLS ver 1.0 ۤƱǤȸƤΤǡɤǤŬɤؤʤ*3.

ʤߤˡTLS/SSL ¾ΥץȥळȤǤΤǡ͡ʤΤ. ޤ긫ݤʤȤǤ FTP over TLS/SSL (RFC4217)ʤƤΤ⤢

SMTP/POP/IMAP over TLS/SSL

οޤпηϩϴŪ˥ͥåȥǡήϩǤ뤬ηϩƤФover TLS/SSL ˤäưŹ沽ǽǤ.

ŪˤϡMTA Ȥƴط SMTP over TLS (RFC3207)*4 MUA ǡɤ߹ݤ IMAP/POP over TLS (RFC2595) Ȥˤ櫓.

ʤߤˡTLS/SSL θͤС*** over TLS/SSL 򥯥饤ȤΡǧڡפ˻ȤĤޤҤ smtp auth ʤɤ˻ȤΤǤϤȻפȤ TLS/SSL 뤳ȤѤʤȤͭʤȤ顤饤ǧڤѤΤ󸽼ŪǤȹͤƤ褦.

spam к : óԤˤʤΤɤ : ݡȤΥ֥å

ߡͥåȥΥ᡼ˤ spam (=ΰտޤ˴طʤƤ빭𡤾Υ᡼. UCE = Unsolicited Commercial E-mail ȤФ.)*5 礭ȤʤäƤ.
ɤ뤿λȤߤ͡ʤΤ뤬ֺǴΥ᡼륵MTA ˤơ spam Ρʳ֥åפȤŪεѤʲ˾Ҳ𤵤ΤǤ*6. ϡʬδ᡼륵(MTA) spam ˻ȤΤɤΤΤǡСֲóԤˤʤʤΡ׵ѤǤ.

SMTP Auth

RFC2554 ˵ꤵƤ SMTP γĥʤǡ礶äѤ˸SMTP 饤ȤФǧڤƤ餦Ѥ. ĤޤꡤSMTP ̿Ǥɡס֤ï?ס֢Ǥס֤ۤ?ס֤줬ڵǤסOK̿, NG̿ݡ ȤȤߤ¸ΤǤ.
ǧڤϼ¼Ū SASL(Simple Authentication and Security Layer RFC2222 ˵ꤵƤ뵬)ѤȤȤ RFC Ƭ˽񤫤Ƥ.

εѤϼˡ᡼(¼Ū˥᡼ž)ǧڤǤ륯饤Ȥդ뤳ȤǡΤ軰ԤˤäƤΥФ᡼뤳Ȥɤ˻Ȥ.

Message Submission

RFC2476 ˵ꤵƤ뵬.
̾ϥ᡼žξ port 25 ǼΤǤ뤬 port 25 žΤߤդ port 587(Submission port ȤФ)Ǽդ褦ˤȤΤǤ.
ʬǤϥƥΰ̣ϤʤˤʤΤ(^-^), ơ port ˤ٤ǧڤʤ¾ˡǤ¤Ƴ뤳ȤȤʤäƤ*7.
ʤʬ̣? ȻפMTA ߤȤ˴Ū

  • Ƥ MUA
  • žƤ MTA

Ǥꡤ꤬ۤʤ. ĤޤꡤMTA ϤʤΥФǤΤǤȤбԤƤɤȤMUA ͡ʥ᡼餫ʤΤǤޤ긷Ȥ׵ǤʤʤɡơʤۤʤΤǡոʬdzơˤ碌ǧˡƳŪбǤΤǤ.

spam к : ﳲԤˤʤΤɤ : Υ֥å

spam ΡﳲԤˤʤʤˤϡסŪž/Ƥ᡼ȤǤοݤǤ֤ȤȤˤʤ. ͤ礭Ĥäơ

³Ƥåơʤ³ΤΤݤ
⤽᡼餺˺ѤΤǡvirus ΤʤΤȤ꤬ʤΤ. ᡼Ƥ˰¸ʤΤǡƤ˰¸븡ܤǤϤʤפȤۤʤΤ. ꤬¤ʤȤǤäӽƤޤ꤬礭ȤΤ. Ūˤϡ
  • SMTP ³ʳϵ䤹
  • ꤬ MTA ΢εǽäƤ˸¤³Ĥ(üʤ)
  • (ǽƤ)֥åꥹȤ˺ܤäƤϵ䤹
    Ȥˡˤʤ.
Ȥꤢ᡼ꡤƤåƥʤ
(㤨Х桼ˤʤ)꤬ǽʤΤ. ƤåΤǡФǹԤäϡְθܡפȤŦ/ȽϤ. ٤⤤. ŪˤϡǯϤ᡼٥ե륿ˤʬहˡȤƤ褦.

ȤΤʬ. ⤽ʤη뤿ᡤФȥ桼ˤäƸƤɬפǤ.

ϤˤĤƾܤҤ٤ʤٶƤȤ褤*8.

½

spam ﳲ򸺤餹ˡ׼ºݤˤɤΤ褦ɸˡΤĴ٤Ƥߤ.

MTA : Postfix

ơδƤߤʤȤʤȤ⤤ʤޤ MTA 򥤥󥹥ȡ롤ꤷƤߤ褦. ˽񤤤褦 MTA ͭ̾ɤ sendmail, postfix, qmail ȤȤsendmail ϡּꤹΤϻפȸ뤷(^-^)qmail sendmail Ȥθߴ㤤. ̵ʤȤ Postfix 򥤥󥹥ȡ뤷ԤäƤߤ褦.

½

sendmail, postfix, qmail γơħĴ٤.

Postfix Υ󥹥ȡ롤

˽Ҥ٤ѤȤδط

ޤPostfix ȾΥƥspam кȤδطҤ٤Ƥ*9.

About SMTP over TLS/SSL

Ǥ FreeBSD Postfix 2.4.6,1 ports 饤󥹥ȡ뤷褦Ȥ "Enable SSL and TLS support" ȤץǽʤΤǤ򤷤ƤФ褤Ǥ. ŪڤäȤϤޤdzڤˤʤäƤȤϡĤȻפ餤ñˤʤäƤ.

About SMTP Auth

§Ȥ Postfix 󥹥ȡפ SASL ǽ󶡤륽եȥ򥤥󥹥ȡ뤹ɬפ.
Ǥ ports 饤󥹥ȡ뤷褦Ȥ "Cyrus SASLv2" ȤץǽʤΤǤ򤷤ƤCyrus-SASL ưŪ˻˥󥹥ȡ뤷ƤΤǡ⤷ʤƤ褤.

Installation

ޤsendmail ưƤʤå. Ūˤ

 ps -axuww | less

Ȥ mail Ȥ post Ȥ drop Ȥʸޤ daemon ưƤʤĴ٤褦. ޤ/etc/rc.conf 򸫤ơ

 sendmail_enable="NO"   (or "NONE")

Ȥʸ"̵ä" sendmail ưƤǽʤˤ*10.
ޤ

 telnet localhost 25

Ȥ³Ǥ褦ä (֤)sendmail ưƤΤǡȽǤƤ褤*11.

⤷ sendmail ưƤ

 /etc/rc.d/sendmail stop

Ȥ褦.

ơǤޤʺ ports 쥯 portsnap ǹƤ.

 portsnap fetch; portsnap update

ˡ줫κȤΥ褦 portupgrade ꤷľƤ(줫Ȥ portinstall portupgrade ΰǤΤ).
ȤΤ⡤DzʥåФƤΤǤ. ɤ߼ʤ⤤ʤ餳ɬפ.
ޤե֤Ѱդ.

 cd /var/log; mkdir ports

ˡportupgrade 񤭴Ƥ. Ūˤϡ/usr/local/etc/pkgtools.conf եΤۤܺǸˤԤ

 PORTUPGRADE_ARGS = ENV['PORTUPGRADE'] ||  \
  '-v -L /var/log/ports/%s::%s.log'

ʤɤȽƤ(portupgrade Υޥ˥奢(man portupgrade Ǥߤ)ˤ񤤤ƤΤǡߤƺǸιԤϹߤ˱ѤƤ褤).
ƤС줫 portupgrade, portinstall ʤɤΥ /var/log/ports ʲ֤褦ˤʤΤǾ¿.

Ǥϡports postfix 򥤥󥹥ȡ뤹. 󥹥ȡ뤹СϺǿ ver.2.4.6,1 Ǥ褤. ports 쥯򤶤äȤߤǤ ver.1.1.13, ver. 2.1.6, ver. 2.2.12, ver. 2.3.13, ver.2.4.6 5ब쥯󤵤ƤΤǡ󥹥ȡκݤˤϴְäС򥤥󥹥ȡ뤷ʤ褦դ褦*12.
ơ

 cd /usr/ports
 portinstall mail/postfix

ǥ󥹥ȡ뤬Ϥޤ*13. ⤷С褦ʤտ򤷤褦.

ports 饤󥹥ȡ뤹ݡ/ ̤3ۤɽФƤ. ˤĤƲ⤷褦.

֤ǽ
[Figure: postfix-install.png]
Τ褦ʲ̤Фơpostfix Υ󥹥ȡ륪ץʹ.
ФƤϡ˽Ҥ٤褦 "Cyrus SASLv2", "Enable SSL and TLS support" Ĥ "ON" ˤƤ. ޤǥեȤ򤵤Ƥ "Perl Compatible Regular Expressions" "ON" Ǥ褤.

 Added group "postfix".
 Added group "maildrop".
 Added user "postfix".
 You need user "postfix" added to group "mail".
 Would you like me to add it [y]?

ʹ.
ϥեȥ postfix ư̤ʥ桼 postfix mail 롼פƤ褤? ȤƤʤ SMTP Auth Ȥʤ()Τǡ"y" ƤȤ褤.

ޤ

 Would you like to activate Postfix in /etc/mail/mailer.conf [n]?

Ȥʹ.
mail ϢΥեȥбɽȤǤ⤤٤ /etc/mail/mailer.conf 񤭴Ƥ褤? ȤʤΤޤƤʤȲؤʤΤǤ "y" ٤Ǥ.
ǥեȤ "n" ȤʤäƤΤǡΤޤ enter 򲡤ʤ褦Ĥ褦.
ʤߤˡ񤭴 mailer.conf

 sendmail        /usr/libexec/sendmail/sendmail
 send-mail       /usr/libexec/sendmail/sendmail
 mailq           /usr/libexec/sendmail/sendmail
 newaliases      /usr/libexec/sendmail/sendmail
 hoststat        /usr/libexec/sendmail/sendmail
 purgestat       /usr/libexec/sendmail/sendmail

ȤʤäƤ뤬񤭴

 sendmail        /usr/local/sbin/sendmail
 send-mail       /usr/local/sbin/sendmail
 mailq   /usr/local/sbin/sendmail
 newaliases      /usr/local/sbin/sendmail

Ȥʤ.

ơȤäƤХ󥹥ȡȤΤΤϽλ.

¤

ơ󥹥ȡ˽ФƤåտƤȡְʲκȤԤפȤ֤ȤϤפʤɤΤȻؼФƤΤʬ. ɤޤʤˤܤˤȤΤǡޤϤΥå˽.
ʸ򥹥륢åפɤüեȤѤƤʤ餽ɤ⤷ϥ󥹥ȡȤǽƤϤΥե /var/log/ports ʲõɤǤߤ褦. ȶŪˤϡΤ褦ʥåĤϤǤ.
ޤĤΤ

 You can use sasldb2 for authentication, to add users use:
      saslpasswd2 -c username
 
 If you want to enable SMTP AUTH with the system Sendmail, read Sendmail.README
 
 NOTE: This port has been compiled with a default pwcheck_method of  auxprop.
    If you want to authenticate your user by /etc/passwd, PAM or LDAP, install
    ports/security/cyrus-sasl2-saslauthd and set sasl_pwcheck_method to
    saslauthd after installing the Cyrus-IMAPd 2.X port.  You should also check
    the /usr/local/lib/sasl2/*.conf files for the correct pwcheck_method.

Ȥʬ.
SMTP Auth ɤΤ褦˥󥹥ȡ뤵Ƥ뤫ȤλȤˤĤƤλؼǤΤ, ʬͤɤǤ*14.
ʤߤˡǽ񤤤Ƥ Sendmail.README Ȥե cyrus-sasl2 Υ󥹥ȡ/ѥǽƤΤΤϤʤΤǤΤĤõƤߤ٤. /usr/ports/security/cyrus-sasl2/files ʤɤ˸ĤϤ.

  Warning: you still need to edit myorigin/mydestination/mynetworks
  parameter settings in /usr/local/etc/postfix/main.cf.
 
  See also http://www.postfix.org/STANDARD_CONFIGURATION_README.html
  for information about dialup sites or about sites inside a
  firewalled network.
 
  BTW: Check your /etc/aliases file and be sure to set up aliases
  that send mail for root and postmaster to a real person, then
  run /usr/local/bin/newaliases.

ϡpostfix 󥹥ȡˤɤΤ褦꤬ɬפ礶äѤ˻ؼƤ.
/usr/local/etc/postfix/main.cf 񤭴衤 /etc/aliases ľ newaliases ¹Ԥ衤ȤȤƤ.

ޤǸ˼Τ褦ʥåޤޤƤ.

 To enable postfix startup script please add postfix_enable="YES" in your rc.conf
 
 If you not need sendmail anymore, please add in your rc.conf:
 
 sendmail_enable="NO"
 sendmail_submit_enable="NO"
 sendmail_outbound_enable="NO"
 sendmail_msp_queue_enable="NO"
 
 And you can disable some sendmail specific daily maintenance routines in your /etc/periodic.conf file:
 
 daily_clean_hoststat_enable="NO"
 daily_status_mail_rejects_enable="NO"
 daily_status_include_submit_mailq="NO"
 daily_submit_queuerun="NO"
 

ΥåϽפǤ.
ɤȡ/etc/rc.conf ˵Ҥ 5ԲäʤȤʤȤʬ.
ޤ/etc/periodic.conf ˤ 4Բä٤ȤȤ񤤤Ƥ.
®ĤκȤԤ.

 If you are using SASL, you need to make sure that postfix has access to read
 the sasldb file.  This is accomplished by adding postfix to group mail and
 making the /usr/local/etc/sasldb* file(s) readable by group mail (this should
 be the default for new installs).

ΥåΥ󥹥ȡμ

 You need user "postfix" added to group "mail".
 Would you like me to add it [y]?

"y" ʤȤʤäͳʬ. ˸Ȥ뤱ɤ.

ơˡ᡼륵ФȤƺ¤(SMTP Auth SMTP over TLS/SSL ʤ)Ԥ.
/usr/local/etc/postfix/main.cf ԽǤ褤.

 cd /usr/local/etc/postfix/
 cp main.cf main.cf.ORG
 emacs main.cf

ʤɤȤԽ褦.
ʲ˽սΤȴФ񤯤Τǡ򻲾ȤƤȤꤢԽ褦(ʤǥեͤˤʤ /usr/local/etc/postfix/main.cf.default 򸫤н񤤤ƤΤǤ򸫤褦).

 # Write your own hostname here!
 myhostname = q17.cl.math.sci.osaka-u.ac.jp
 mydomain = cl.math.sci.osaka-u.ac.jp
 alias_maps = hash:/etc/mail/aliases
 alias_database = hash:/etc/mail/aliases
 home_mailbox = Maildir/

ѿΰ¸ط뤳ȤΤ main.cf κǸˤޤȤƥ񤯤ΤϤ褯ʤ. main.cf ˳ʬΤǡdzơȽ񤭹⤦.

ȡ桼 "cyrus", "postfix" ƤΤǡФ褿᡼Ԥž褦ˤƤ.
Ūˤϡ/etc/aliases Խơޤ

 root: (your own mail address)

θ塤ƱեŬʾ(uucp: root β̵꤬)

 cyrus:  root
 postfix: root

դäФ褤. ǤѹȿǤʤΤǡȿǤ뤿˼Υޥɤ¹ԤƤ.

 # csh-family shells only: refresh the command hash, since the commands have changed
 rehash
 newaliases

ơǰΰ٥֡Ȥ褦. postfix ưФϤ

postfix εưǧ

ޤ sendmail ưƤ뤫ɤåΤƱˡ postfix ưƤ뤫å褦. ưƤʤ褦ʤ餳ޤǤκȤƥå.

ưƤ褦ʤСޤ port 25 ˥ƤߤƤɤֻ֤äƤ뤫Ƥߤ褦. ˤ

 telnet localhost 25

ȤƤߤФ褤.

 Trying 127.0.0.1...
 Connected to localhost.
 Escape character is '^]'.
 220 (hostname) ESMTP Postfix

ȽФΤǡ

 EHLO localhost

ϤƤߤ褦. Ȥ

 250-(hostname)
 250-PIPELINING
 250-SIZE 10240000
 250-VRFY
 250-ETRN
 250-ENHANCEDSTATUSCODES
 250-8BITMIME
 250 DSN

ʤɤֻФơpostfix ɤΤ褦³ԤƤΤʬ(ΤȤ "quit" Ȥȴ).
ǤȤꤢ postfix port 25 ԤƤΤʬä.

Ǥϼˡʬ˥᡼ФƤߤƥå褦.
ϴñǡ̾Υ桼ˤʤäƤ

 mail -s "test" (your own user name)

Ȥơ줫鲿Ǥ⤤ΤϤ(줬᡼ʸˤʤ).
᡼ʸ򤦤ä顤֥ԥꥪɰĤΤߤʤԡפϤƽäȤˤʤꡤ᡼뤬Ǥ.

Ƥ鼫ʬΥǥ쥯ȥ Maildir/new Ȥǥ쥯ȥ˹ԤäƤߤ. ե뤬С less ʤɤɤǤߤ褦. 줬ä᡼ʤ OK.
줬ޤԤäƤʤвΤǡѡ桼¤ /var/log/maillog ɤǤߤ褦. 顼нϤƤơȥ֥θϤ.

Ƽˡ¸ߤʤ桼ˡץ᡼ФƤߤơ顼֤äƤ뤫å褦.
ϾȤۤƱͤκȤǡ(ǰΰ٤̾桼ˤʤä)

 mail -s "test2" (a nonexistent user name)

ȤơȤŬʸϸˡ֥ԥꥪɰĤΤߤʤԡפϤǤ.
ƤޤʬΥǥ쥯ȥ Maildir/new Ȥǥ쥯ȥ˿ե뤬ꡤ줬֤ʥ桼ʤ᡼ФʤפȤƤΥ顼᡼ä OK .

ϾĹʤäΤǡΤǰöƤ.

ݡ

᡼κݤˡְ(Ź沽)סSPAMкפˤĤƥФͥåȥǤǤ뤳ȤˤĤĴ٤.
ޤԤäȤˤĤ𤻤.


*1 ʤΤΤС󥢥åפȿ RFC Ѱդ뤳ȤˤʤΤǡεʤбǿ RFC ɤ줫狼ˤ.
*2 ͥåȥǤϿڤˤܸ֤ƤƤͤ⤤Τǡ餫ɤǤߤڤ.
*3 ʤTLS ver 1.1 RFC4346 ˵ꤵƤΤǡĤƤȤϻפ.
*4 ǽΥС RFC2487 obsolete ˤʤä.
*5 ʤߤ spam θ츻. Ĵ٤ƤߤȤ褤.
*6 ¾ˤ "Outbound Port25 Blocking" ʤɤƱŪεѤǤ. Outbound ... ϥ᡼륵ФǹԤΤǤϤʤơͥåȥνǹԤΤǤΤǤǤϳƤ.
*7 㤨Сո submission port Ǥ smtp auth 򤫤. MTA ǧˡ Sender ID, SPF, DomainKeys ʤɡ᡼륵ФŬΤƤƤ.
*8 㤨СηиǤϥ¦ǡ SMTP³ʳϵ䤹פ spam 95%ʾ̵ȤǤ. ˤϡΥ᡼륵ФΤư롼ȿǤץФ⤢ꡤФ֥ۥ磻ȥꥹȡפƤʤɤĴ/ϤʤʤѤǤ.
*9 ⤽ Postfix Ͼ˽Ҥ٤褦ʵѤɤեȥȤΤƤꡤкѤƳΤŬƤ.
*10 /etc/defaults/rc.conf 򸫤Ƴǧɬפ뤬ǥեȤ sendmail_enable = "YES" ˤʤäƤ뤳ȤΤ.
*11 sendmail ʳ MTA 򥤥󥹥ȡ뤷ƤưƤΤϤ MTA ⤷ʤ
*12 ޤports ʳΥ󥹥ȡˡѤǤϤ뤬򤷤Ƥ뤫ΤˤϤȤƤ褤. ٶȤͤˤϤ.
*13 ʤߤˡλǥ󥹥ȡ뤵 cyrus-sasl ver. 2.1.22 Ǥ褦
*14 äȤˡʳǤ saslauthd ΤΤϥ󥹥ȡ뤵Ƥʤ餷Ȥ狼. pwcheck_method ʤ saslauthd ʤ饤֥ꤢǻȤ褦.