postfix+dovecot配置SSL
确保postfix和dovecot不配置SSL可以正常使用
配置SSL证书
配置证书
- cd /etc/pki/tls/certs
- 生成加密密钥
[root@abc certs]# make server.key
umask 77 ;
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
…+++
…+++
e is 65537 (0x10001)
Enter pass phrase: #输入密码
Verifying - Enter pass phrase: #再次输入密码 - [root@abc certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:#输入密码
writing RSA key - 生成证书
[root@abc certs]# make server.csr
umask 77 ;
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [XX]:CN #国家
State or Province Name (full name) []:jiangsu #省份
Locality Name (eg, city) [Default City]:suzhou #城市
Organization Name (eg, company) [Default Company Ltd]😗*** #公司
Organizational Unit Name (eg, section) []😗*** #部门
Common Name (eg, your name or your server’s hostname) []:mail.***.com.cn #名字或者服务器名称
Email Address []:test1@***.com.cn #邮箱
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []: #回车
An optional company name []:#回车
[root@abc certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650 #证书有效期10年
Signature ok
subject=/C=CN/ST=jiangsu/L=suzhou/O=***/OU=***/CN=mail.***.com.cn/emailAddress=test1@***.com.cn
Getting Private key
配置postfix
- [root@abc postfix]# pwd
/etc/postfix
[root@abc postfix]# vi main.cf
在最后加上
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache - 相同路径下
vi master.cf
取消注释下面这两行,可以/smtps查找一下
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
配置dovecot
vi /etc/dovecot/conf.d/10-ssl.conf
修改下面三行
ssl = yes
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/certs/server.key
启动 postfix和dovecot
dovecot -p
输入密码
systemctl start postfix
可以通过查看mail日志确定是否发送成功
vi /var/log/maillog
配置foxmail
这样在foxmail配置服务器的时候可以勾选ssl
如果dns解析不出服务器域名,可以在C:\Windows\System32\drivers\etc路径下直接修改hosts文件,增加IP和域名的对应关系
参考博文:https://blog.csdn.net/Jesus_loves_me/article/details/89202759