{"id":1674,"date":"2021-07-02T02:10:44","date_gmt":"2021-07-01T18:10:44","guid":{"rendered":"http:\/\/blog.infinity.idv.tw\/?p=1674"},"modified":"2021-07-02T02:12:06","modified_gmt":"2021-07-01T18:12:06","slug":"postfix-pop3_smtp%e5%8a%a0%e5%85%a5tls%e5%8a%a0%e5%af%86%e5%82%b3%e8%bc%b8","status":"publish","type":"post","link":"http:\/\/blog.infinity.idv.tw\/?p=1674","title":{"rendered":"Postfix-POP3_SMTP\u52a0\u5165TLS\u52a0\u5bc6\u50b3\u8f38"},"content":{"rendered":"

\u51fa\u8655\uff1a<\/font><\/p>\n

https:\/\/blog.xuite.net\/magic20095\/wretch\/111940549<\/font><\/p>\n

< POP3\u53caIMAP \u90e8\u5206 >
\u7de8\u8f2f
[root@mail ~]# vi \/etc\/pki\/dovecot\/dovecot-openssl.cnf
[ req ]
default_bits = 2048   \u91d1\u9470\u9577\u5ea6\u9810\u8a2d\u70ba1024 bits
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no<\/font><\/p>\n

[ req_dn ]
# country (2 letter code)
C=TW     \u570b\u5bb6\u6539\u70baTW<\/font><\/p>\n

# State or Province Name (full name)
#ST=<\/font><\/p>\n

# Locality Name (eg. city)
L=Taipei   \u57ce\u5e02\u6539\u70ba\u53f0\u5317<\/font><\/p>\n

# Organization (eg. company)
O=Flag  \u516c\u53f8\u6539\u70baFlag<\/font><\/p>\n

# Organizational Unit Name (eg. section)
OU=IMAP\/POP3 server    #
# Common Name (*.example.com is also possible)
CN=mail.flag.com.tw    \u90f5\u4ef6\u4e3b\u6a5f<\/font><\/p>\n

# E-mail contact
<\/font>emailAddress=mis@flag.com.tw<\/font><\/a> \u7ba1\u7406\u8005\u4fe1\u7bb1<\/font><\/p>\n

[ cert_type ]
nsCertType = server
\u63a5\u8457\u6aa2\u8996
[root@mail ~]# vi \/etc\/dovecot.conf  \u88e1\u9762\u6703\u8aaa\u660e\u6709\u95dcTLS\u6191\u8b49\u3001\u91d1\u9470\u6a94\u5b58\u653e\u8def\u5f91\u53ca\u6a94\u6848\u540d\u7a31 :
ssl_cert_file = \/etc\/pki\/dovecot\/certs\/dovecot.pem     \u6191\u8b49\u8def\u5f91
ssl_key_file = \/etc\/pki\/dovecot\/private\/dovecot.pem   \u91d1\u9470\u8def\u5f91
\u63a5\u4e0b\u4f86
[root@mail ~]# cd \/etc\/pki\/dovecot\/certs     \u5207\u63db\u5230\u6b64\u76ee\u9304
[root@mail certs]# mv dovecot.pem dovecot.pem.old   \u5099\u4efd\u820a\u7684\u6191\u8b49
[root@mail certst]# cd ..\/private
[root@mail private]# mv dovecot.pem dovecot.pem.old  \u5099\u4efd\u820a\u7684\u91d1\u9470
[root@mail private]# \/usr\/share\/doc\/dovecot-1.0\/examples\/mkcert.sh  \u7522\u751f\u65b0\u7684\u6191\u8b49\u53ca\u91d1\u9470
\u57f7\u884c\/etc\/rc.d\/init.d\/dovecot restart  \u5f8c\u5373\u8a2d\u5b9a\u5b8c\u6210!!
PS : \u9632\u706b\u7246\u8a18\u5f97\u8981\u958b\u555f995 Port
<\/font><\/p>\n

< SMTP\u90e8\u5206 >
\u7522\u751f certificate files for TLS
cd \/etc\/postfix
openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650<\/font><\/p>\n

\u7de8\u8f2f \/etc\/postfix\/main.cf \u52a0\u5165\u4e0b\u5217
# SASL
smtpd_sasl_auth_enable=yes
smtpd_recipient_restrictions=permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_security_options=noanonymous
broken_sasl_auth_clients=yes
# TLS
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = \/etc\/postfix\/smtpd.pem
smtpd_tls_cert_file = \/etc\/postfix\/smtpd.pem
smtpd_tls_CAfile = \/etc\/postfix\/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:\/dev\/urandom
\u91cd\u65b0\u555f\u52d5 postfix \u548c saslauthd
\u6e2c\u8a66\u662f\u5426\u751f\u6548 :
telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 mail.flag.com.tw ESMTP Postfix
ehlo localhost
250-mail.flag.com.tw
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS     \u652f\u63f4TLS\u52a0\u5bc6\u4e86
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-AUTH=CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN<\/font><\/p>\n","protected":false},"excerpt":{"rendered":"

\u51fa\u8655\uff1a<\/p>\n

https:\/\/blog.xuite.net\/magic20095\/wretch\/111940549<\/p>\n

< POP3\u53caIMAP \u90e8\u5206 > \u7de8\u8f2f [root@mail ~]# vi \/etc\/pki\/dovecot\/dovecot-openssl.cnf [ req ] default_bits = 2048   \u91d1\u9470\u9577\u5ea6\u9810\u8a2d\u70ba1024 bits encrypt_key = yes distinguished_name = req_dn […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":[],"categories":[255],"tags":[674],"_links":{"self":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/1674"}],"collection":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1674"}],"version-history":[{"count":3,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/1674\/revisions"}],"predecessor-version":[{"id":1677,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/1674\/revisions\/1677"}],"wp:attachment":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1674"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1674"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1674"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}