Category: LINUX

2011-02-12 10:50:00

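Configuring TLS for Postfix

TLS setup

Generate the certificates. The private key passphrase used here is 123qwe98 by default; choose your own as appropriate, since you may need it again later.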

mkdir -p /usr/local/etc/postfix/certs/CA
cd /usr/local/etc/postfix/certs/CA
mkdir certs crl newcerts private
echo "01" > serial
touch index.txt
cp /usr/src/crypto/openssl/apps/openssl.cnf .

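Edit openssl.cnf and confirm that the dir parameter is set to /usr/local/etc/postfix/certs/CA. Then run the commands below, entering the requested information as appropriate. The input looks similar to the following: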

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:Bei Jing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Extmail
Organizational Unit Name (eg, section) []:extmail
Common Name (eg, YOUR name) []:extmail.org
Email Address []:chifeng@gmail.com

The commands are as follows:

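# Create the CA: a self-signed certificate plus a passphrase-protected key
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
# Create the server key (-nodes: no passphrase) and a self-signed certificate
openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem -days 3650 -config openssl.cnf
# Turn that certificate into a signing request, then sign it with the CA
openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out mycert.pem -infiles tmp.pem
rm tmp.pem
cp cacert.pem mycert.pem mykey.pem /usr/local/etc/postfix/certs/
cd /usr/local/etc/postfix/certs/
chown root:wheel cacert.pem mycert.pem
chown root:postfix mykey.pem
# Certificates are public data and need no execute bit; the key is readable only by root and the postfix group
chmod 644 cacert.pem
chmod 644 mycert.pem
chmod 440 mykey.pem
# Hash-named symlink so OpenSSL can look the CA up by subject hash
ln -s cacert.pem "$(openssl x509 -noout -hash < cacert.pem).0"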

Configure Postfix to support TLS

# smtpd_* parameters apply to the server (incoming connections); smtp_* to the client (outgoing delivery)
postconf -e 'smtpd_use_tls=yes'
# no: SASL AUTH is also offered on connections that have not negotiated TLS
postconf -e 'smtpd_tls_auth_only=no'
postconf -e 'smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem'
postconf -e 'smtp_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem'
postconf -e 'smtp_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem'
postconf -e 'smtpd_tls_CAfile=/usr/local/etc/postfix/certs/cacert.pem'
postconf -e 'smtpd_tls_cert_file=/usr/local/etc/postfix/certs/mycert.pem'
postconf -e 'smtpd_tls_key_file=/usr/local/etc/postfix/certs/mykey.pem'
postconf -e 'smtpd_tls_received_header=yes'
# 3 dumps the TLS negotiation to the log; levels 2 and above are meant for debugging
postconf -e 'smtpd_tls_loglevel=3'
postconf -e 'smtpd_starttls_timeout=60s'

Configure master.cf by adding the following:

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
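
Added example, not part of the original post: a shell check that reads the smtpd settings written by the postconf commands above (in `postconf -n` format) and reports the ones worth revisiting before production use. The function names, the FINDING: output format and the temporary demo files are assumptions of this example; smtpd_tls_security_level is the newer Postfix parameter that supersedes smtpd_use_tls.

```shell
# Added example: audit smtpd TLS settings given a file in `postconf -n` format.

# conf_get FILE NAME: print the last value assigned to NAME, if any.
conf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || !index($0, "=") { next }
        {
            name = substr($0, 1, index($0, "=") - 1)
            gsub(/[ \t]/, "", name)
            if (name != want) next
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            last = val
        }
        END { if (last != "") print last }' "$1"
}

# audit_tls FILE: print one "FINDING:" line per problem.
audit_tls() {
    conf=$1
    level=$(conf_get "$conf" smtpd_tls_security_level)
    if [ -z "$level" ] && [ "$(conf_get "$conf" smtpd_use_tls)" = yes ]; then
        level=may   # smtpd_use_tls=yes is the older spelling of "may"
    fi
    case "$level" in
        may|encrypt) ;;
        *) echo "FINDING: TLS is not enabled for smtpd" ;;
    esac
    # With auth_only unset or "no", AUTH is accepted before STARTTLS.
    [ "$(conf_get "$conf" smtpd_tls_auth_only)" = yes ] ||
        echo "FINDING: smtpd_tls_auth_only is not yes"
    # Log levels 2 and above are debugging output.
    log=$(conf_get "$conf" smtpd_tls_loglevel)
    [ "${log:-0}" -lt 2 ] || echo "FINDING: smtpd_tls_loglevel=$log is debug-level"
    # The private key must exist and must not be readable by "other".
    key=$(conf_get "$conf" smtpd_tls_key_file)
    if [ -n "$key" ] && [ ! -f "$key" ]; then
        echo "FINDING: key file $key not found"
    elif [ -n "$key" ] && [ -n "$(find "$key" -perm -004)" ]; then
        echo "FINDING: key file $key is world-readable"
    fi
}

# Constructed sample: this page's smtpd settings, with a temp file as the key.
demo_key=$(mktemp /tmp/demo_key.XXXXXX); chmod 440 "$demo_key"
demo_conf=$(mktemp /tmp/demo_conf.XXXXXX)
printf '%s\n' 'smtpd_use_tls = yes' 'smtpd_tls_auth_only = no' \
    'smtpd_tls_loglevel = 3' "smtpd_tls_key_file = $demo_key" > "$demo_conf"
audit_tls "$demo_conf"
```

On a live system, save the real settings with `postconf -n > /tmp/main.txt` and run `audit_tls /tmp/main.txt`.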