出處:
https://blog.xuite.net/magic20095/wretch/111940549
< POP3及IMAP 部分 >
編輯
[root@mail ~]# vi /etc/pki/dovecot/dovecot-openssl.cnf
[ req ]
default_bits = 2048 金鑰長度改為 2048 bits（原預設為 1024 bits）
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
# country (2 letter code)
C=TW 國家改為TW
# State or Province Name (full name)
#ST=
# Locality Name (eg. city)
L=Taipei 城市改為台北
# Organization (eg. company)
O=Flag 公司改為Flag
# Organizational Unit Name (eg. section)
OU=IMAP/POP3 server #
# Common Name (*.example.com is also possible)
CN=mail.flag.com.tw 郵件主機
# E-mail contact
emailAddress=mis@flag.com.tw 管理者信箱
[ cert_type ]
nsCertType = server
接著檢視
[root@mail ~]# vi /etc/dovecot.conf 裡面會說明有關TLS憑證、金鑰檔存放路徑及檔案名稱 :
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem 憑證路徑
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem 金鑰路徑
接下來
[root@mail ~]# cd /etc/pki/dovecot/certs 切換到此目錄
[root@mail certs]# mv dovecot.pem dovecot.pem.old 備份舊的憑證
[root@mail certs]# cd ../private
[root@mail private]# mv dovecot.pem dovecot.pem.old 備份舊的金鑰
[root@mail private]# /usr/share/doc/dovecot-1.0/examples/mkcert.sh 產生新的憑證及金鑰
執行/etc/rc.d/init.d/dovecot restart 後即設定完成!!
PS : 防火牆記得要開啟 995 Port（POP3S）；若也提供 IMAPS，則還需開啟 993 Port
< SMTP部分 >
產生 certificate files for TLS
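# Create a self-signed certificate and its private key in one PEM file,
# valid for 3650 days. openssl prompts interactively for the subject fields.
cd /etc/postfix
# -nodes stores the private key WITHOUT a passphrase, and -out/-keyout point at
# the same file, so smtpd.pem contains the unencrypted key.
openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
# Keep the unencrypted key readable by root only; depending on the umask and
# the openssl version the file may otherwise be created world-readable.
chmod 600 smtpd.pem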
編輯 /etc/postfix/main.cf 加入下列
# SASL
# Turn on SASL authentication in the Postfix SMTP server.
smtpd_sasl_auth_enable=yes
# Authenticated clients and hosts in mynetworks are accepted first; everyone
# else is rejected unless the recipient is a destination this server handles.
smtpd_recipient_restrictions=permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
# Only anonymous mechanisms are refused; plaintext mechanisms (PLAIN, LOGIN)
# remain available.
smtpd_sasl_security_options=noanonymous
# Additionally advertise the non-standard "AUTH=" form for legacy clients.
broken_sasl_auth_clients=yes
# NOTE(review): nothing in this snippet limits AUTH to encrypted sessions, so
# PLAIN/LOGIN credentials can be sent before STARTTLS. Setting
# smtpd_tls_auth_only = yes would offer AUTH only after TLS is established.
# TLS
# Opportunistic STARTTLS for outgoing (smtp_) and incoming (smtpd_) mail.
# NOTE(review): Postfix 2.3 and later express this as
# smtp_tls_security_level / smtpd_tls_security_level = may; confirm against
# the installed version.
smtp_use_tls = yes
smtpd_use_tls = yes
# Log the names of remote servers that offer STARTTLS.
smtp_tls_note_starttls_offer = yes
# Key and certificate are read from the same PEM file. It holds the private
# key, so it should be readable by root only.
smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
# The same self-signed file is also listed as the CA file.
smtpd_tls_CAfile = /etc/postfix/smtpd.pem
# Log a summary line for each TLS handshake.
smtpd_tls_loglevel = 1
# Record TLS protocol and cipher details in the Received: header.
smtpd_tls_received_header = yes
# Server-side TLS session cache entries expire after 3600 seconds.
smtpd_tls_session_cache_timeout = 3600s
# Seed the TLS random number generator from /dev/urandom.
tls_random_source = dev:/dev/urandom
重新啟動 postfix 和 saslauthd
測試是否生效 :
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.flag.com.tw ESMTP Postfix
ehlo localhost
250-mail.flag.com.tw
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS 支援TLS加密了
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-AUTH=CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN