Postfix
sdskill.org 的邮件发送服务器
支持smtps(465)协议连接,使用Rserver颁发的证书,证书路径/CA/cacert.pem;
创建邮箱账户“user1~user99”(共99个用户),密码为Chinaskill20!
Dovecot
sdskill.org 的邮件接收服务器;
支持imaps(993)协议连接,使用Rserver颁发的证书,证书路径/CA/cacert.pem;
请保留至少两个用户已成功登录并能正常收发邮件,以方便测试。
yum -y install openssl
mkdir /CA
cd /CA //进入证书目录
mkdir certs
mkdir newcerts
mkdir private
touch index.txt
openssl genrsa -out private/mail.key 4096 //生成密钥
openssl genrsa -out private/dov.key 4096 //生成密钥
openssl req -new -key private/mail.key -out certs/mail.csr //生成证书请求文件
openssl req -new -key private/dov.key -out certs/dov.csr //生成证书请求文件
//以下命令在Rserver(CA服务器)上执行,由Rserver颁发证书
scp root@172.16.100.202:/CA/certs/mail.csr /CA/ //从邮件服务器取回证书请求文件(只传输csr,私钥留在邮件服务器上)
scp root@172.16.100.202:/CA/certs/dov.csr /CA/ //从邮件服务器取回证书请求文件
cd /CA/
openssl ca -keyfile private/cacert.pem -cert cacert.pem -in mail.csr -out mail.pem //颁发证书
openssl ca -keyfile private/cacert.pem -cert cacert.pem -in dov.csr -out dov.pem //颁发证书
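//如果出现错误编号2(TXT_DB error number 2),是因为要颁发的证书与index.txt中已登记证书的CN相同。下面清空index.txt会丢失CA的全部签发记录,之后无法再据此吊销旧证书,只适合实验环境;正式CA应先吊销旧证书(openssl ca -revoke),或在CA配置中设置unique_subject = no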
rm -rf index.txt
touch index.txt //重新编写index.txt
//mail服务器拿回证书
scp root@10.10.100.254:/CA/mail.pem /CA/
scp root@10.10.100.254:/CA/dov.pem /CA/
yum -y install dovecot //安装邮件接收服务
vim /etc/postfix/main.cf
myhostname = mail.sdskills.org //本机主机名75行
mydomain = sdskills.org //服务器域名83行
myorigin = $mydomain //初始域名99行
inet_interfaces = all //网卡选择113行
#inet_interfaces = $myhostname, localhost //注释掉115行
#inet_interfaces = localhost //注释掉116行
#mydestination = $myhostname, localhost.$mydomain, localhost //注释掉164行
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain //取消注释165行
mynetworks = 0.0.0.0/0 //受信任的客户端网段,264行。0.0.0.0/0表示信任所有地址,任何主机都可以不经认证通过本机中继邮件(开放中继),仅适用于隔离的竞赛环境;实际部署应只填本机和内网网段
home_mailbox = Maildir/ //邮件目录,在用户家目录下419行
//在最后一行添加:启用TLS并指定证书文件与私钥文件的路径(私钥文件应仅root可读)
smtpd_use_tls = yes
smtpd_tls_cert_file = /CA/mail.pem
smtpd_tls_key_file = /CA/private/mail.key
vim /etc/postfix/master.cf
#smtp inet n - n - - smtpd //注释11行,关闭25端口
smtps inet n - n - - smtpd //取消注释26行,开启465端口
-o smtpd_tls_wrappermode=yes //取消注释28行,开启隐式TLS(客户端连接465端口后立即进行TLS握手);master.cf中该行行首必须保留空格,表示续接上一行的smtps服务
vim /etc/dovecot/dovecot.conf
protocols = imaps //24行,启用imaps。注意:Dovecot 2.x中imaps不是独立的协议名,若启动时报未知协议,应写成protocols = imap,993端口由10-master.conf中的imaps监听器提供
listen = * //30行,监听所有
login_trusted_networks = 0.0.0.0/0 //48行,信任所有。来自受信任网段的连接可以覆盖自己的来源IP,并且不受disable_plaintext_auth限制;0.0.0.0/0等于对所有客户端放开这些保护,仅适用于竞赛环境
vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no //10行,允许在未加密的连接上使用明文身份认证。本例只开放imaps(993),TLS连接内的明文认证本来就被允许,因此实际部署中保持yes即可
vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir //24行取消注释,邮箱用户在家目录上自动创建Maildir目录
vim /etc/dovecot/conf.d/10-ssl.conf
ssl = yes //8行
ssl_cert = </CA/dov.pem //14行,指定证书文件路径
ssl_key = </CA/private/dov.key //15行,指定证书密钥路径
for i in $(seq 1 99);do useradd user$i;done //创建user(1-99)
for i in $(seq 1 99);do echo "Chinaskill22"|passwd --stdin user$i;done //为user(1-99)设置密码,密码为Chinaskill22(注意:题目要求的密码是Chinaskill20!,与此处不一致,应以题目要求为准;99个账户共用同一口令只适用于竞赛环境)
systemctl restart postfix.service //重启邮件发送服务
systemctl restart dovecot //重启邮件接收服务
客户端
yum -y install thunderbird //安装邮件客户端
vim /etc/hosts
172.16.100.202 smtp.sdskills.com
172.16.100.202 imap.sdskills.com //因为DNS没有添加此域名,需要手动添加。注意:此处域名是sdskills.com,而main.cf中配置的是sdskills.org;客户端连接所用的主机名需与证书的CN一致,否则会出现证书名称不匹配的警告
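telnet localhost 25 //本地测试发信。注意:上文master.cf已注释smtp行关闭25端口,此测试只有在25端口开启时才能连通;465端口可用openssl s_client -connect localhost:465测试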
mail from:<zzmail1>
rcpt to:<zzmail2>
data
zzmail1@zzcity.com->zzmail2@zzcity.com
.
cat /home/zzmail2/Maildir/new/1675959826.Vfd00I319211eM781944.localhost.localdomain