Dovecot 配置！

最新推荐文章于 2024-07-14 09:23:06 发布

congsikuai0611

最新推荐文章于 2024-07-14 09:23:06 发布

阅读量453

点赞数

文章标签：网络运维

一，Mail Retrieval Protocols

Post Office Protocol
All data,including passwords,is passed in cleartext over TCP port 110
Use POP3s to provide SSL encryption of data over TCP port 995

Internet Mail Access Protocol
All data,including passwords,is passwd in cleartext over TCP port 143
Use IMAP to provide SSL encryption of data over TCP port 993

Dovecot supports POP3,POP3s,IMAP,and IMAPs

[@more@]

二，Service Profile:Dovecot

type:systemV-managed service
package:dovecot
daemon:/usr/sbin/dovecot
scritp:/etc/init.d/dovecot
ports:110(pop),995(pop3s),143(imap),993(imaps)
configuration:/etc/devecot.conf
Related:procmail,fetchmail,openssl

三，Dovecot Configuration

Listens on all IPv6 and IPv4 interfaces by default
Specify protocols in /etc/dovecot.conf
protocols = imap imaps pop3 pop3s

Make a private key and self-signed certificate before using SSL
1,confirm system time to avoid date issues
2,review /etc/dovecot.conf for key and cert locations
3,Run make -C /etc/pki/tls/certs dovecot.pem
creates a single PEM file containing both the key and the cert
4,copy the new PEM file to both locations

四，verifying POP Operation
Verify server operation
Graphical:Thunderbird and Evolution
Text-mode:mutt and Fetchmail

mutt -f pop://user@server[:port]
mutt -f pops://user@server[:port]

Can also use telnet(POP3) or openssl s_client(POP3s)
identify problems with certificate date or permissions

五，verifying IMAP Operation
Verify server operation
Graphical:Thunderbird and Evolution
Text-mode:mutt and Fetchmail

mutt -f imap://user@server[:port]
mutt -f imaps://user@server[:port]

Can also use telnet(POP3) or openssl s_client(POP3s)
identify problems with certificate date or permissions

具体操作：
一，安装：
[root@station10 ~]# yum install -y dovecot

二，配置/etc/doveot.conf
protocols = imap imaps pop3 pop3s

三，创建密钥
1，确认时间，以及区域是否正确。
[root@station10 ~]# date
Wed Oct 22 09:46:59 CST 2008
[root@station10 ~]#

2，删除其他的证书：
[root@station10 ~]# find /etc/ -name dovecot.pem -exec rm {} ;

3，生成证书：
[root@station10 ~]# make -C /etc/pki/tls/certs dovecot.pem
make: Entering directory `/etc/pki/tls/certs'
umask 77 ;
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ;
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ;
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ;
cat $PEM1 > dovecot.pem ;
echo "" >> dovecot.pem ;
cat $PEM2 >> dovecot.pem ;
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
......++++++
.....................++++++
writing new private key to '/tmp/openssl.h10778'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:China
Locality Name (eg, city) [Newbury]:Guangdong
Organization Name (eg, company) [My Company Ltd]:Example,Inc.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:station10.example.com
Email Address []:root@station10.example.com
make: Leaving directory `/etc/pki/tls/certs'
[root@station10 ~]#

4，查看证书信息：
[root@station10 ~]# find /etc/pki/ -name dovecot.pem -ls
99026 8 -rw------- 1 root root 2182 Oct 22 09:50 /etc/pki/tls/certs/dovecot.pem
[root@station10 ~]#

5，查看配置文件：
[root@station10 ~]# grep -e ssl_cert -e ssl_key /etc/dovecot.conf
#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
#ssl_key_password =
[root@station10 ~]#

6，修改配置文件：
[root@station10 ~]# grep -e ssl_cert -e ssl_key /etc/dovecot.conf
ssl_cert_file = /etc/pki/tls/certs/dovecot.pem
ssl_key_file = /etc/pki/tls/certs/dovecot.pem
#ssl_key_password =
[root@station10 ~]#

7，启动服务：
[root@station10 ~]# service dovecot status
dovecot is stopped
[root@station10 ~]# service dovecot start
Starting Dovecot Imap: [ OK ]
[root@station10 ~]# chkconfig dovecot on
[root@station10 ~]#

8，监听的服务：
[root@station10 ~]# netstat -tulpn | grep dovecot
tcp 0 0 :::993 :::* LISTEN 10848/dovecot
tcp 0 0 :::995 :::* LISTEN 10848/dovecot
tcp 0 0 :::110 :::* LISTEN 10848/dovecot
tcp 0 0 :::143 :::* LISTEN 10848/dovecot
[root@station10 ~]#

9，测试：
[root@station10 ~]# echo 'this is a test' | mail -s test root

[root@station10 ~]# mutt -f pop://root@station10.example.com

出错，日志提示：
Oct 22 10:02:19 station10 dovecot: Logins with UID 0 not permitted (user root)
Oct 22 10:02:19 station10 dovecot: pop3-login: Internal login failure: user=, method=PLAIN, rip=::ffff:192.168.0.10, lip=::ffff:192.168.0.10, secured

/etc/dovcot.conf的信息中显示：
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.

用其他用户测试：
[root@station10 ~]# useradd student
[root@station10 ~]# passwd student
Changing password for user student.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@station10 ~]# echo 'this is a test' | mail -s test student
[root@station10 ~]#

用
[root@station10 ~]# mutt -f pop://student@station10.example.com
测试，ok.

用下面测试都正常：
mutt -f pops://student@station10.example.com

mutt -f imap://student@station10.example.com

mutt -f imaps://student@station10.example.com

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/312079/viewspace-1012258/，如需转载，请注明出处，否则将追究法律责任。

转载于:http://blog.itpub.net/312079/viewspace-1012258/