配置postfix和dovecot启用SSL以加密连接
配置postfix和dovecot启用SSL。
[root@mail ~]# vi /etc/postfix/main.cf
# 添加如下到末尾。
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
[root@mail ~]# vi /etc/postfix/master.cf
# 第17-18行: 去掉注释
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
[root@mail ~]# vi /etc/dovecot/conf.d/10-ssl.conf
# 第6行:
ssl = yes
# 第12,13行:
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/certs/server.key
配置完成后,重新启动postfix和dovecot。
[root@mail ~]# /etc/rc.d/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@mail ~]# /etc/rc.d/init.d/dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]
加密的POP3s/IMAPs设置
[root@rhel6 ~]# vi /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes //设置密文传输
[root@rhel6 ~]# vi /etc/dovecot/conf.d/10-ssl.conf
ssl=required //开启SSL
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem //公钥路径
ssl_key = </etc/pki/dovecot/private/dovecot.pem //私钥路径
[root@rhel6 ~]# vi /etc/dovecot/conf.d/10-master.conf
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
#port = 993
#ssl = yes
}
}
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
#port = 995
#ssl = yes
}
}
[root@rhel6 ~]# /etc/init.d/dovecot restart
[root@rhel6 ~]# netstat -lntp | grep dovecot
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2547/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 2547/dovecot
tcp 0 0 :::993 :::* LISTEN 2547/dovecot
tcp 0 0 :::995 :::* LISTEN 2547/dovecot
