{"id":6385,"date":"2022-11-29T16:16:59","date_gmt":"2022-11-29T07:16:59","guid":{"rendered":"https:\/\/www.lancard.com\/blog\/?p=6385"},"modified":"2025-03-12T11:25:24","modified_gmt":"2025-03-12T02:25:24","slug":"lets-encrypt-postfix-dovecot","status":"publish","type":"post","link":"https:\/\/www.lancard.com\/blog\/2022\/11\/29\/lets-encrypt-postfix-dovecot\/","title":{"rendered":"Let’s Encrypt\u306e\u8a3c\u660e\u66f8\u3092Postfix,Dovecot\u3067\u5229\u7528\u3059\u308b"},"content":{"rendered":"\nLet\u2019s Encrypt\u3067Web\u30b5\u30fc\u30d0\u306eSSL\/TLS\u8a3c\u660e\u66f8\u3092\u7d50\u69cb\u5229\u7528\u3057\u307e\u3059\u304c\u3001\u305d\u308c\u3092\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u3067\u5229\u7528\u3057\u3066RoundCube\u3067SSL\/TLS\u3067\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a66\u3057\u307e\u3059\u3002\n\n\n\n\u305f\u307e\u305f\u307e\u30c9\u30e1\u30a4\u30f3\u3092\u5272\u308a\u5f53\u3066\u3066\u3044\u305fCentOS 7\u306e\u30b5\u30fc\u30d0\u304c\u6709\u3063\u305f\u306e\u3067\u305d\u308c\u3092\u4f7f\u3044\u307e\u3057\u305f\u3002\n\n\n\n\n\n\n\n\n

<\/h2>\n\n\n\n\n\n
\n
\n
\n\u4e8b\u4f8b\u3067\u306fmail.example.com\u3092\u65e2\u306b\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u3068\u3057\u3066\u8a2d\u5b9a\u3057\u3066\u3044\u308b\u3051\u308c\u3069\u3001SSL\/TLS\u8a2d\u5b9a\u306f\u3057\u3066\u3044\u306a\u3044\u3082\u306e\u3068\u3057\u3066\u9032\u3081\u307e\u3059\u3002
\u4f7f\u7528\u3059\u308b\u30dd\u30fc\u30c8\u306f\u89e3\u653e\u6e08\u307e\u305f\u306f\u89e3\u653e\u4e0d\u8981\u306a\u72b6\u614b\u3067\u3059\u3002\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n\n\n

Dovecot<\/h2>\n\n\n\n\nDovecot\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u3067imaps(993)\u30dd\u30fc\u30c8\u304c\u6709\u52b9\u306a\u306e\u3067\u3001 \/etc\/dovecot\/conf.d\/10-ssl.conf \u3067\u4e8c\u884c\u7de8\u96c6\u3059\u308b\u3060\u3051\u3067\u3059\u3002\n\n\n\n\n
ssl_cert = <\/etc\/letsencrypt\/live\/mail.example.com\/fullchain.pem\nssl_key = <\/etc\/letsencrypt\/live\/mail.example.com\/privkey.pem<\/code><\/pre>\n\n\n\n\n\n
Postfix<\/h2>\n\n\n\n\nPostfix\u306e\u65b9\u306f\u3001\u307e\u305a\/etc\/postfix\/main.cf\u3067localhost\u4ee5\u5916\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u3068\u3001\u8a3c\u660e\u66f8\u306e\u30d1\u30b9\u6307\u5b9a\u30fb\u30ad\u30e3\u30c3\u30b7\u30e5\u8a2d\u5b9a\u3092\u3057\u3066\u3001\n\n\n\n\n
# localhost\u4ee5\u5916\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\ninet_interfaces = all\n\n# SSL\/TLS\nsmtpd_tls_cert_file = \/etc\/letsencrypt\/live\/mail.example.com\/fullchain.pem\nsmtpd_tls_key_file = \/etc\/letsencrypt\/live\/mail.example.com\/privkey.pem\nsmtpd_tls_session_cache_database = btree:\/var\/lib\/postfix\/smtpd_scache\nsmtpd_tls_session_cache_timeout = 3600s<\/code><\/pre>\n\n\n\n\n\u6b21\u306b\/etc\/postfix\/master.cf\u3067submission\u30dd\u30fc\u30c8\u306e\u89e3\u653e\u3068STARTTLS\u3001SMTP\u8a8d\u8a3c\u306e\u4f7f\u7528\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002\n\n\n\n\n
submission inet n - n - - smtpd\n -o smtpd_tls_security_level=encrypt\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_sasl_type=dovecot\n -o smtpd_sasl_path=private\/auth\n -o smtpd_sasl_security_options=noanonymous\n -o smtpd_sasl_local_domain=$myhostname\n -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n -o smtpd_sender_login_maps=hash:\/etc\/postfix\/virtual\n# Linux\u30e6\u30fc\u30b6\u3067\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u5834\u5408\u3001\u305d\u306e\u307e\u307e\u3067\u306fReject\u3055\u308c\u308b\u306e\u3067\u4eca\u56de\u306f\u5207\u308b\n# -o smtpd_sender_restrictions=reject_sender_login_mismatch\n-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject<\/code><\/pre>\n\n\n\n\n\u6700\u5f8c\u306b\u3069\u3061\u3089\u3082\u518d\u8d77\u52d5\u3002\n\n\n\n\n
systemctl restart dovecot postfix<\/code><\/pre>\n\n\n\n\n\n\n\n\n\n
RoundCube<\/h2>\n\n\n\n\nconfig\/config.inc.php\u3067imap, smtp\u95a2\u9023\u3092\u7de8\u96c6\u3002\n\n\n\n\n
\/\/ imaps\n$config['default_host'] = 'ssl:\/\/mail.example.com';\n$config['default_port'] = 993;\n\n\/\/ smtp submission\n$config['smtp_server'] = 'tls:\/\/mail.example.com';\n$config['smtp_port'] = 587;<\/code><\/pre>\n\n\n\n\n\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u9001\u53d7\u4fe1\u304c\u51fa\u6765\u308c\u3070\u5b8c\u4e86\u3067\u3059\u3002\n\n\n\n\n
\u9001\u4fe1\u51fa\u6765\u306a\u3044…<\/h2>\n\n\n\n\n\n
\n
\n
\n\u3053\u3053\u3067\u9001\u4fe1\u51fa\u6765\u306a\u304f\u3066\u4f55\u6545\uff1f\u3068\u8272\u3005\u3068\u8abf\u3079\u3066\u3044\u305f\u306e\u3067\u3059\u304c\u3001openssl\u30b3\u30de\u30f3\u30c9\u3067\u306f\u8a8d\u8a3c\u307e\u3067\u901a\u308b\u306e\u306b\u3068\u539f\u56e0\u304c\u66ab\u304f\u5206\u304b\u3089\u305a\u7acb\u3061\u5f80\u751f\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u7d50\u5c40\u539f\u56e0\u306fLet’s Encrypt\u306e\u8a3c\u660e\u66f8\u304c\u66f4\u65b0\u3055\u308c\u3066\u3044\u306a\u3044\u53e4\u3044\u8a3c\u660e\u66f8\u3060\u3063\u305f\u306e\u304c\u539f\u56e0\u3067\u3057\u305f\u3002\n<\/div>\n<\/div>\n<\/div><\/div>\n\n\n\n\n\n
\n
\n\u4f55\u304bopenssl\u30b3\u30de\u30f3\u30c9\u3067\u306e\u63a5\u7d9a\u3067warning\u51fa\u3066\u308b\u306a\u3001\u3068\u8a66\u3057\u3066\u3044\u308b\u5185\u306b\u6c17\u4ed8\u3044\u305f\u306e\u3067\u5206\u304b\u3063\u305f\u306e\u3067\u3059\u304c\u3002
\u3042\u3093\u307e\u308a\u3053\u306e\u30b5\u30fc\u30d0\u4f7f\u3063\u3066\u306a\u304b\u3063\u305f\u304b\u3089\u8a3c\u660e\u66f8\u3082\u66f4\u65b0\u3057\u3066\u306a\u304b\u3063\u305f\u3093\u3067\u3059\u306d\u3002\u3068\u3044\u3046\u308f\u3051\u3067\u3042\u3093\u307e\u308a\u8d77\u304d\u306a\u3044\u539f\u56e0\u3067\u306e\u5931\u6557\u3067\u3057\u305f\u3002\n<\/div>\n<\/div>\n\n\n\n\n\n\n\n\n\n
\u304a\u307e\u3051\uff1asmtps(465)\u30dd\u30fc\u30c8\u3067tls_wrappermode\u3067\u306e\u63a5\u7d9a<\/h2>\n\n\n\n\n\u53e4\u3044\u65b9\u6cd5\u3067smtps\u30dd\u30fc\u30c8\u3092\u4f7f\u7528\u3057\u3066tls_wrappermode\u3092\u4f7f\u3063\u3066\u3044\u308b\u5834\u5408\u3082\u3042\u308b\u3088\u3046\u3067\u3059\u3002\n\n\n\n\u3053\u306e\u5834\u5408STARTTLS\u3067\u306f\u306a\u304f\u3001RoundCube\u306econfig\/config.inc.php\u306esmtp\u8a2d\u5b9a\u306ftls:\/\/\u3067\u306a\u304fssl:\/\/\u3068\u306a\u308a\u307e\u3057\u305f\u3002\n\n\n\n\n
\/\/ smtps tls_wrappermode\n$config['smtp_server'] = 'ssl:\/\/mail.example.com';\n$config['smtp_port'] = 465;<\/code><\/pre>\n\n\"Facebook\"<\/a>\"twitter\"<\/a>\"linkedin\"<\/a>\"tumblr\"<\/a>\"mail\"<\/a>","protected":false},"excerpt":{"rendered":"
Let\u2019s Encrypt\u3067Web\u30b5\u30fc\u30d0\u306eSSL\/TLS\u8a3c\u660e\u66f8\u3092\u7d50\u69cb\u5229\u7528\u3057\u307e\u3059\u304c\u3001\u305d\u308c\u3092\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u3067\u5229\u7528\u3057\u3066RoundCube\u3067SSL\/TLS\u3067\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a66\u3057\u307e\u3059\u3002 \u305f\u307e\u305f\u307e\u30c9\u30e1\u30a4\u30f3\u3092\u5272\u308a\u5f53\u3066\u3066\u3044\u305fCentOS 7\u306e […]<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6385","post","type-post","status-publish","format-standard","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/posts\/6385","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/comments?post=6385"}],"version-history":[{"count":17,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/posts\/6385\/revisions"}],"predecessor-version":[{"id":6402,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/posts\/6385\/revisions\/6402"}],"wp:attachment":[{"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/media?parent=6385"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/categories?post=6385"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/tags?post=6385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}