構(gòu)建反病毒反垃圾郵件系統(tǒng)(四)_Mail服務(wù)器教程
通過修改/usr/lib/ssl/misc/CA.pll腳本實(shí)現(xiàn),以下修改后CA1.pl和未修改CA.pl之間的對比:
*** CA.pl
--- CA1.pl
***************
*** 59,69 ****
} elsif (/^-newcert$/) {
# create a certificate
! system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
$RET=$?;
print "Certificate (and private key) is in newreq.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
! system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
} elsif (/^-newca$/) {
--- 59,69 ----
} elsif (/^-newcert$/) {
# create a certificate
! system ("$REQ -new -x509 -nodes -keyout newreq.pem -out newreq.pem $DAYS");
$RET=$?;
print "Certificate (and private key) is in newreq.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
! system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
} elsif (/^-newca$/) {
現(xiàn)在就可以使用修改的CA1.pl來簽發(fā)證書:
# cd /usr/local/ssl/misc
# ./CA1.pl -newca
# ./CA1.pl -newreq
# ./CA1.pl -sign
# cp demoCA/cacert.pem /etc/postfix/CAcert.pem
# cp newcert.pem /etc/postfix/cert.pem
# cp newreq.pem /etc/postfix/key.pem
修改main.cf,添加:
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/privkey.pem
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
tls_daemon_random_source = dev:/dev/urandom
重起postfix后就可以看到250-STARTTLS
很多郵件客戶端對TLS的支持并不是非常好,建議使用stunnel來實(shí)現(xiàn)相應(yīng)的smtp和pop3加密。
# apt-get install stunnel
證書:
# openssl req -new -x509 -days 365 -nodes -config /etc/ssl/openssl.cnf -out stunnel.pem -keyout stunnel.pem
# openssl gendh 512 >> stunnel.pem
服務(wù)端:
# stunnel -d 60025 -r 25 -s nobody -g nogroup
# stunnel -d 60110 -r 110 -s nobody -g nogroup
如果使用-n pop3等參數(shù)就只能用郵件客戶端收信。
客戶端:
建一個stunnel.conf文件:
client = yes
[pop3]
accept = 127.0.0.1:110
connect = 192.168.7.144:60110
[smtp]
accept = 127.0.0.1:25
connect = 192.168.7.144:60025
然后啟動stunnel.exe,在郵件客戶端的smtp和pop3的服務(wù)器都填127.0.0.1就可以了,這樣從你到郵件服務(wù)器端的數(shù)據(jù)傳輸就讓stunnel給你加密了。
5、測試用戶
# mkdir -p /home/vmail/test.org/san/
# chown -R nobody.nogroup /home/vmail
# chmod -R 700 /home/vmail
mysql> use postfix
mysql> insert into transport set domain='test.org', destination='
virtual:';
mysql> insert into users set email='san@test.org',clear='test',name='',uid='65534',gid='65534',
homedir='home/vmail',maildir='test.org/san/';
然后就可以使用客戶端收發(fā)郵件,記得用戶名是email地址。
- qmail+vpopmail+sqwebmail的安裝步驟(1)
- 分布式的Qmail郵件系統(tǒng)(2)
- 以Procmail-Gateway過濾寄出信件病毒(2)
- QMAIL+MH設(shè)計(jì)方案(2)
- Webmail攻防實(shí)戰(zhàn)(8)
- 用WebEasyMail架構(gòu)Web郵件服務(wù)器(3)
- 分布式的Qmail郵件系統(tǒng)(1)
- 構(gòu)建反病毒反垃圾郵件系統(tǒng)(二)
- 配置你的第一臺e-mail服務(wù)器(4)
- Win2003自帶mail服務(wù)器配置詳細(xì)過程
- 用WebEasyMail架構(gòu)Web郵件服務(wù)器(4)
- 電子郵件系統(tǒng)收發(fā)不正常的常見原因
- 相關(guān)鏈接:
- 教程說明:
Mail服務(wù)器教程-構(gòu)建反病毒反垃圾郵件系統(tǒng)(四)。