Postfix Basic Configuration

Author: 운영자 | Posted: 12.12.13

Source: https://help.ubuntu.com/11.10/serverguide/postfix.html#postfix-testing


Postfix is the default Mail Transfer Agent (MTA) in Ubuntu. It attempts to be fast, easy to administer, and secure. It is compatible with the MTA sendmail. This section explains how to install and configure postfix. It also explains how to set it up as an SMTP server using a secure connection (for sending emails securely).

This guide does not cover setting up Postfix Virtual Domains; for information on Virtual Domains and other advanced configurations, see References.

Installation

Basic Configuration

SMTP Authentication

Configuring SASL

Mail-Stack Delivery

Testing

Troubleshooting

Installation

To install postfix run the following command:

sudo apt-get install postfix

Simply press return when the installation process asks questions; the configuration will be done in greater detail in the next stage.


Basic Configuration

To configure postfix, run the following command:

sudo dpkg-reconfigure postfix

The user interface will be displayed. On each screen, select the following values:

Internet Site

mail.example.com

steve

mail.example.com, localhost.localdomain, localhost

No

127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24

0

+

all


Replace mail.example.com with the domain for which you'll accept email, 192.168.0.0/24 with the actual network and class range of your mail server, and steve with the appropriate username.

Now is a good time to decide which mailbox format you want to use. By default Postfix will use mbox for the mailbox format. Rather than editing the configuration file directly, you can use the postconf command to configure all postfix parameters. The configuration parameters will be stored in the /etc/postfix/main.cf file. Later, if you wish to re-configure a particular parameter, you can either run the command or change it manually in the file.

To configure the mailbox format for Maildir:


sudo postconf -e 'home_mailbox = Maildir/'


This will place new mail in /home/username/Maildir so you will need to configure your Mail Delivery Agent (MDA) to use the same path.


SMTP Authentication

SMTP-AUTH allows a client to identify itself through an authentication mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt the authentication process. Once authenticated the SMTP server will allow the client to relay mail.

1. Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):


sudo postconf -e 'smtpd_sasl_type = dovecot'

sudo postconf -e 'smtpd_sasl_path = private/auth-client'

sudo postconf -e 'smtpd_sasl_local_domain ='

sudo postconf -e 'smtpd_sasl_security_options = noanonymous'

sudo postconf -e 'broken_sasl_auth_clients = yes'

sudo postconf -e 'smtpd_sasl_auth_enable = yes'

sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'


The smtpd_sasl_path configuration is a path relative to the Postfix queue directory.

Next, generate or obtain a digital certificate for TLS. See Certificates for details. This example also uses a Certificate Authority (CA). For information on generating a CA certificate see Certification Authority.

MUAs connecting to your mail server via TLS will need to recognize the certificate used for TLS. This can either be done using a certificate from a commercial CA or with a self-signed certificate that users manually install/accept.

For MTA to MTA TLS, certificates are never validated without advance agreement from the affected organizations. For MTA to MTA TLS, unless local policy requires it, there is no reason not to use a self-signed certificate. Refer to Creating a Self-Signed Certificate for more details.

    2. Once you have a certificate, configure Postfix to provide TLS encryption for both incoming and outgoing mail:

      sudo postconf -e 'smtp_tls_security_level = may'
      sudo postconf -e 'smtpd_tls_security_level = may'
      sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
      sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
      sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'
      sudo postconf -e 'smtpd_tls_loglevel = 1'
      sudo postconf -e 'smtpd_tls_received_header = yes'
      sudo postconf -e 'myhostname = mail.example.com'
      
    3. If you are using your own Certificate Authority to sign the certificate enter:

      sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
      

      Again, for more details about certificates see Certificates.

    After running all the commands, Postfix is configured for SMTP-AUTH and a self-signed certificate has been created for TLS encryption.

    Now, the file /etc/postfix/main.cf should look like this.

    The postfix initial configuration is complete. Run the following command to restart the postfix daemon:

    sudo /etc/init.d/postfix restart
    

    Postfix supports SMTP-AUTH as defined in RFC2554. It is based on SASL. However it is still necessary to set up SASL authentication before you can use SMTP-AUTH.

    Configuring SASL

    Postfix supports two SASL implementations: Cyrus SASL and Dovecot SASL. To enable Dovecot SASL the dovecot-common package will need to be installed. From a terminal prompt enter the following:

    sudo apt-get install dovecot-common
    

    Next you will need to edit /etc/dovecot/dovecot.conf. In the auth default section uncomment the socket listen option and change the following:

      socket listen {
        #master {
          # Master socket provides access to userdb information. It's typically
          # used to give Dovecot's local delivery agent access to userdb so it
          # can find mailbox locations.
          #path = /var/run/dovecot/auth-master
          #mode = 0600
          # Default user/group is the one who started dovecot-auth (root)
          #user = 
          #group = 
        #}
        client {
          # The client socket is generally safe to export to everyone. Typical use
          # is to export it to your SMTP server so it can do SMTP AUTH lookups
          # using it.
          path = /var/spool/postfix/private/auth-client
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    

    In order to let Outlook clients use SMTP-AUTH, in the auth default section of /etc/dovecot/dovecot.conf add "login":

      mechanisms = plain login
    

    Once you have Dovecot configured restart it with:

    sudo /etc/init.d/dovecot restart
    

    Mail-Stack Delivery

    Another option for configuring Postfix for SMTP-AUTH is using the mail-stack-delivery package (previously packaged as dovecot-postfix). This package will install Dovecot and configure Postfix to use it for both SASL authentication and as a Mail Delivery Agent (MDA). The package also configures Dovecot for IMAP, IMAPS, POP3, and POP3S.

    You may not want to run IMAP, IMAPS, POP3, or POP3S on your mail server, for example if you are configuring your server to be a mail gateway, spam/virus filter, etc. If this is the case it may be easier to use the above commands to configure Postfix for SMTP-AUTH.

    To install the package, from a terminal prompt enter:

    sudo apt-get install mail-stack-delivery
    

    You should now have a working mail server, but there are a few options that you may wish to further customize. For example, the package uses the certificate and key from the ssl-cert package, and in a production environment you should use a certificate and key generated for the host. See Certificates for more details.

    Once you have a customized certificate and key for the host, change the following options in /etc/postfix/main.cf:

    smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
    

    Then restart Postfix:

    sudo /etc/init.d/postfix restart
    

    Testing

    SMTP-AUTH configuration is complete. Now it is time to test the setup.

    To see if SMTP-AUTH and TLS work properly, run the following command:

    telnet mail.example.com 25
    

    After you have established the connection to the postfix mail server, type:

    ehlo mail.example.com
    

    If you see the following lines among others, then everything is working perfectly. Type quit to exit.

    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250 8BITMIME
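
The capability check described above, as an added example that is not part of the Ubuntu guide: a shell function that reads a captured EHLO reply and reports whether STARTTLS is offered and whether AUTH is advertised before TLS is negotiated. The names check_ehlo and sample_reply and the sample reply are constructed here; smtpd_tls_auth_only is a standard Postfix parameter that the guide itself does not set.

```shell
#!/bin/sh
# Added example, not part of the Ubuntu guide: classify a captured EHLO reply.
# Reads the server's reply on stdin and prints one finding per line.
# Assumption: the reply was captured on port 25 before any STARTTLS command.
check_ehlo() {
    reply=$(tr -d '\r')          # real sessions end lines with CRLF
    starttls=no
    auth=""
    while IFS= read -r line; do
        # Capability lines are "250-KEYWORD [args]"; the last one is "250 KEYWORD".
        case "$line" in
            250-*|"250 "*) cap=${line#250?} ;;
            *) continue ;;
        esac
        case "$cap" in
            STARTTLS) starttls=yes ;;
            "AUTH "*) auth=${cap#AUTH } ;;   # the "AUTH=..." line repeats this one
        esac
    done <<EOF
$reply
EOF
    if [ "$starttls" = yes ]; then
        echo "OK: STARTTLS offered"
    else
        echo "FAIL: STARTTLS not offered"
    fi
    if [ -z "$auth" ]; then
        echo "INFO: AUTH not offered before STARTTLS"
    else
        # PLAIN and LOGIN credentials sent at this point are only base64 text.
        echo "WARN: AUTH ($auth) offered in cleartext; consider smtpd_tls_auth_only = yes"
    fi
}

# Constructed sample: a greeting line plus the reply lines from the Testing section.
sample_reply() {
    printf '%s\r\n' '250-mail.example.com' '250-STARTTLS' \
        '250-AUTH LOGIN PLAIN' '250-AUTH=LOGIN PLAIN' '250 8BITMIME'
}

sample_reply | check_ehlo
```

With smtpd_tls_auth_only = yes, Postfix advertises AUTH only after the client has completed STARTTLS, so the same check on port 25 then reports the INFO line instead of the warning.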
    

    Troubleshooting

    This section introduces some common ways to determine the cause if problems arise.

    Escaping chroot

    The Ubuntu postfix package will by default install into a chroot environment for security reasons. This can add greater complexity when troubleshooting problems.

    To turn off the chroot operation, locate the following line in the /etc/postfix/master.cf configuration file:

    smtp      inet  n       -       -       -       -       smtpd
    

    and modify it as follows:

    smtp      inet  n       -       n       -       -       smtpd
    

    You will then need to restart Postfix to use the new configuration. From a terminal prompt enter:

    sudo /etc/init.d/postfix restart
    

    Log Files

    Postfix sends all log messages to /var/log/mail.log. However error and warning messages can sometimes get lost in the normal log output so they are also logged to /var/log/mail.err and /var/log/mail.warn respectively.

    To see messages entered into the logs in real time you can use the tail -f command:

    tail -f /var/log/mail.err
    

    The amount of detail that is recorded in the logs can be increased. Below are some configuration options for increasing the log level for some of the areas covered above.

    • To increase TLS activity logging set the smtpd_tls_loglevel option to a value from 1 to 4.

      sudo postconf -e 'smtpd_tls_loglevel = 4'
      
    • If you are having trouble sending or receiving mail from a specific domain you can add the domain to the debug_peer_list parameter.

      sudo postconf -e 'debug_peer_list = problem.domain'
      
    • You can increase the verbosity of any Postfix daemon process by editing the /etc/postfix/master.cf and adding a -v after the entry. For example edit the smtp entry:

      smtp      unix  -       -       -       -       -       smtp -v
      

    It is important to note that after making one of the logging changes above the Postfix process will need to be reloaded in order to recognize the new configuration: sudo /etc/init.d/postfix reload

    • To increase the amount of information logged when troubleshooting SASL issues you can set the following options in /etc/dovecot/dovecot.conf:

      auth_debug=yes
      auth_debug_passwords=yes
      

    Just like Postfix if you change a Dovecot configuration the process will need to be reloaded: sudo /etc/init.d/dovecot reload.

    Some of the options above can drastically increase the amount of information sent to the log files. Remember to return the log level back to normal after you have corrected the problem. Then reload the appropriate daemon for the new configuration to take effect.
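
A check for the reminder above, as an added example that is not part of the Ubuntu guide: it lists the troubleshooting changes from this section (raised TLS log level, debug_peer_list, -v in master.cf, the disabled chroot on the smtp service, Dovecot auth debugging) that are still active. The function names leftover_debug and run_sample and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Ubuntu guide: report troubleshooting changes
# from this page that are still active. Arguments: paths to main.cf,
# master.cf and dovecot.conf (the function name is hypothetical).
leftover_debug() {
    # main.cf: the guide's normal value for smtpd_tls_loglevel is 1.
    awk -F'[ \t]*=[ \t]*' '
        /^[ \t]*#/ { next }
        $1 == "smtpd_tls_loglevel" && ($2 + 0) > 1 { print "main.cf: smtpd_tls_loglevel = " $2 }
        $1 == "debug_peer_list" && $2 != "" { print "main.cf: debug_peer_list = " $2 }
    ' "$1"
    # master.cf: field 5 is the chroot column; -v follows the command name.
    awk '
        /^[ \t]*#/ || NF < 8 { next }
        $1 == "smtp" && $2 == "inet" && $5 == "n" { print "master.cf: smtp/inet chroot disabled" }
        { for (i = 9; i <= NF; i++) if ($i == "-v") print "master.cf: " $1 "/" $2 " runs with -v" }
    ' "$2"
    # dovecot.conf: auth_debug_passwords logs attempted passwords on mismatch.
    awk -F'[ \t]*=[ \t]*' '
        /^[ \t]*#/ { next }
        { sub(/^[ \t]+/, "", $1) }
        ($1 == "auth_debug" || $1 == "auth_debug_passwords") && $2 == "yes" { print "dovecot.conf: " $1 " = yes" }
    ' "$3"
}

# Constructed sample configs: the state after applying every troubleshooting
# step on this page and reverting none of them.
run_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'smtpd_tls_security_level = may' 'smtpd_tls_loglevel = 4' \
        'debug_peer_list = problem.domain' > "$d/main.cf"
    printf '%s\n' 'smtp      inet  n       -       n       -       -       smtpd' \
        'smtp      unix  -       -       -       -       -       smtp -v' > "$d/master.cf"
    printf '%s\n' 'mechanisms = plain login' '  auth_debug=yes' \
        '  auth_debug_passwords=yes' > "$d/dovecot.conf"
    leftover_debug "$d/main.cf" "$d/master.cf" "$d/dovecot.conf"
    rm -rf "$d"
}

run_sample
```

On a live host the arguments would be /etc/postfix/main.cf, /etc/postfix/master.cf and /etc/dovecot/dovecot.conf; empty output means none of these settings is still raised.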

    References

    Administering a Postfix server can be a very complicated task. At some point you may need to turn to the Ubuntu community for more experienced help.

    A great place to ask for Postfix assistance, and get involved with the Ubuntu Server community, is the #ubuntu-server IRC channel on freenode. You can also post a message to one of the Web Forums.

    For in depth Postfix information Ubuntu developers highly recommend: The Book of Postfix.

    Finally, the Postfix website also has great documentation on all the different configuration options available.

    Also, the Ubuntu Wiki Postfix page has more information.


