postfix+dovecot+ssl

申请证书

mkdir /etc/sslcd /etc/ssl

生成私钥

openssl genrsa -out mail.keyGenerating RSA private key, 2048 bit long modulus (2 primes)......................................................................................+++++....................+++++e is 65537 (0x010001)

生成证书请求文件

openssl req -new -key mail.key -out mail.csrYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:CNState or Province Name (full name) [Some-State]:HNLocality Name (eg, city) []:ZZOrganization Name (eg, company) [Internet Widgits Pty Ltd]:skillsOrganizational Unit Name (eg, section) []:systemCommon Name (e.g. server FQDN or YOUR name) []:Email Address []:Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:An optional company name []:

生成证书

openssl x509 -req -signkey mail.key -in mail.csr -out mail.crt -days 3650Signature oksubject=C = CN, ST = HN, L = ZZ, O = skills, OU = system, CN = Getting Private key

配置邮件（）

postfix

/etc/postfix/vim main.cf# TLS parameterssmtpd_tls_cert_file=/etc/ssl/mail.crtsmtpd_tls_key_file=/etc/ssl/mail.keysmtpd_tls_security_level=maysmtp_tls_CApath=/etc/ssl/certssmtp_tls_security_level=maysmtp_tls_session_cache_database = btree:${data_directory}/smtp_scachesmtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destinationmyhostname = #指定主机名字mydomain = #指定域名alias_maps = hash:/etc/aliasesalias_database = hash:/etc/aliasesmyorigin = /etc/mailnamemydestination = $myhostname, $mydomain #添加mydomainrelayhost =mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.10.70.0/24 #允许网段mailbox_size_limit = 0recipient_delimiter = +inet_interfaces = allvim master.cf## Postfix master process configuration file. For details on the format# of the file, see the master(5) manual page (command: "man 5 master" or# on-line: /master.5.html).## Do not forget to execute "postfix reload" after editing this file.## ==========================================================================# service type private unpriv chroot wakeup maxproc command + args#(yes) (yes) (no) (never) (100)# ==========================================================================#smtpinet n - y - - smtpd#注释#smtpinet n - y - 1 postscreen#smtpdpass - - y - - smtpd#dnsblog unix - - y - 0 dnsblog#tlsproxy unix - - y - 0 tlsproxy#submission inet n - y - - smtpd# -o syslog_name=postfix/submission# -o smtpd_tls_security_level=encrypt# -o smtpd_sasl_auth_enable=yes# -o smtpd_tls_auth_only=yes# -o smtpd_reject_unlisted_recipient=no# -o smtpd_client_restrictions=$mua_client_restrictions# -o smtpd_helo_restrictions=$mua_helo_restrictions# -o smtpd_sender_restrictions=$mua_sender_restrictions# -o smtpd_recipient_restrictions=# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject# -o milter_macro_daemon_name=ORIGINATINGsmtpsinet n - y - - smtpd #注释取消-o syslog_name=postfix/smtps#注释取消-o smtpd_tls_wrappermode=yes#注释取消# -o smtpd_sasl_auth_enable=yes# -o smtpd_reject_unlisted_recipient=no# -o smtpd_client_restrictions=$mua_client_restrictions# -o smtpd_helo_restrictions=$mua_helo_restrictions# -o smtpd_sender_restrictions=$mua_sender_restrictions# -o smtpd_recipient_restrictions=# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject# -o milter_macro_daemon_name=ORIGINATING

dovecot

##/etc/dovecot/vim dovecot.conf （修改第30、48行）listen = *, :: #注释取消login_trusted_networks = 10.10.70.0/24 #添加网段##/etc/dovecot/conf.dvim 10-auth.conf （第10行取消注释）disable_plaintext_auth = yesvim 10-ssl.conf （修改第6、12、13行）ssl = yesssl_cert = </etc/ssl/mail.crtssl_key = </etc/ssl/mail.key

别名（aliases）

vim /etc/aliases (给all发邮件，mail1和mail2同样会收到)all: mail1,mail2#启用mail:~# newaliases