5. Edit the sendmail configuration file (certificate settings)
[root@mail certs]# vim /etc/mail/sendmail.mc
Enable SMTP over TLS (STARTTLS)
6. Where the issued certificate and the files needed to request it are stored
[root@mail ~]# cd /etc/mail/certs
[root@mail certs]# chmod 600 *
[root@mail certs]# ll
total 12
-rw------- 1 root root 3102 Aug 5 07:47 sendmail.cert   certificate
-rw------- 1 root root 655 Aug 5 07:37 sendmail.csr    certificate signing request
-rw------- 1 root root 887 Aug 5 07:35 sendmail.key    private key
[root@mail certs]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.163.com ESMTP Sendmail 8.13.8/8.13.8; Sun, 5 Aug 2012 08:19:21 +0800
helo 127.0.0.1
250 mail.163.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
ehlo 127.0.0.1
250-mail.163.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS //shows that SSL/TLS encryption is now available for secure transport!
250-DELIVERBY
250 HELP
7. Test:
[root@mail ~]# tail -f /var/log/maillog //log messages
Aug 5 09:15:25 mail sendmail[4974]: STARTTLS=server, relay=[192.168.10.1], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
[root@mail ~]# tshark -ni eth0 -R "tcp.dstport eq 25 or tcp.srcport eq 25 "
29.378844 192.168.10.99 -> 192.168.10.1 SMTP S: 250-mail.163.com Hello [192.168.10.1], pleased to meet you | 250-ENHANCEDSTATUSCODES | 250-PIPELINING | 250-8BITMIME | 250-SIZE | 250-DSN | 250-ETRN | 250-STARTTLS | 250-DELIVERBY | 250 HELP
29.379199 192.168.10.1 -> 192.168.10.99 SMTP C: STARTTLS
29.394166 192.168.10.99 -> 192.168.10.1 SMTP S: 220 2.0.0 Ready to start TLS
29.529926 192.168.10.1 -> 192.168.10.99 SMTP C: \200O\001\003\001\0006\000\000\000\
Outgoing mail can now be encrypted!
smtps only protects the connection point-to-point!
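To check the two things the test above shows by hand (STARTTLS advertised in the EHLO reply, and what the maillog STARTTLS= line says about the negotiated session), here is an added Python example that is not part of the original article; the sample EHLO banner and maillog lines are constructed from the ones shown above, and the weak-cipher and legacy-version lists are the editor's own choices:

```python
import re

# Constructed sample input, modelled on the EHLO reply and maillog line shown above.
SAMPLE_EHLO = [
    "250-mail.163.com Hello localhost.localdomain [127.0.0.1], pleased to meet you",
    "250-ENHANCEDSTATUSCODES", "250-PIPELINING", "250-8BITMIME", "250-SIZE",
    "250-DSN", "250-ETRN", "250-STARTTLS", "250-DELIVERBY", "250 HELP",
]
SAMPLE_MAILLOG = """\
Aug  5 09:15:25 mail sendmail[4974]: STARTTLS=server, relay=[192.168.10.1], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Aug  5 09:20:02 mail sendmail[4990]: STARTTLS=server, relay=[192.168.10.2], version=TLSv1.2, verify=OK, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Aug  5 09:21:10 mail sendmail[4991]: from=<user@example.com>, size=512, class=0, nrcpts=1
"""

# Fields sendmail writes on a STARTTLS= log line (see the maillog entry above).
STARTTLS_RE = re.compile(
    r"sendmail\[(?P<pid>\d+)\]: STARTTLS=(?P<role>\w+), relay=(?P<relay>\S+?),"
    r" version=(?P<version>\S+?), verify=(?P<verify>\w+), cipher=(?P<cipher>\S+?),"
    r" bits=(?P<bits>\d+)/(?P<max>\d+)"
)
# Editor's assumptions: substrings that mark a cipher as weak, and protocol
# versions that should no longer be accepted.
WEAK_CIPHER_TOKENS = ("RC4", "MD5", "DES", "NULL", "EXP")
LEGACY_VERSIONS = ("SSLv2", "SSLv3", "TLSv1/SSLv3", "TLSv1", "TLSv1.1")

def advertises_starttls(ehlo_lines):
    """True if the EHLO reply contains the STARTTLS extension keyword."""
    return any(l.rstrip().upper() in ("250-STARTTLS", "250 STARTTLS") for l in ehlo_lines)

def audit_starttls_log(text):
    """Return one finding per STARTTLS= line: relay, issues, and whether a client cert verified."""
    findings = []
    for line in text.splitlines():
        m = STARTTLS_RE.search(line)
        if not m:
            continue  # not a TLS negotiation record
        d = m.groupdict()
        issues = []
        if d["version"] in LEGACY_VERSIONS:
            issues.append("legacy protocol " + d["version"])
        if any(tok in d["cipher"].upper() for tok in WEAK_CIPHER_TOKENS):
            issues.append("weak cipher " + d["cipher"])
        # verify=NO on the server side only means the client sent no certificate,
        # which is normal for opportunistic STARTTLS, so it is reported, not flagged.
        findings.append({"relay": d["relay"], "issues": issues,
                         "client_cert_verified": d["verify"] == "OK"})
    return findings

if __name__ == "__main__":
    print("STARTTLS advertised:", advertises_starttls(SAMPLE_EHLO))
    for f in audit_starttls_log(SAMPLE_MAILLOG):
        print(f)
```

Run against a real /var/log/maillog, the RC4-MD5 / TLSv1 session from the article's own test would be reported as a legacy protocol with a weak cipher.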
8. Encryption on the receiving side:
pop2/pop3 -------> pop3s
imap4 -----------> imaps
dovecot
Configuration:
[root@mail ~]# mkdir -pv /etc/dovecot/certs
mkdir: created directory `/etc/dovecot'
mkdir: created directory `/etc/dovecot/certs'
[root@mail ~]# cd /etc/dovecot/certs/
[root@mail certs]# openssl genrsa 1024 >dovecot.key
Generating RSA private key, 1024 bit long modulus
............................................++++++
.......++++++
e is 65537 (0x10001)
[root@mail certs]# openssl req -new -key dovecot.key -out dovecot.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [He Nan]:
Locality Name (eg, city) [Zheng zhou]:
Organization Name (eg, company) [My Company Ltd]:163
Organizational Unit Name (eg, section) []:teconology
Common Name (eg, your name or your server's hostname) []:pop3.163.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@mail certs]# openssl req -new -key dovecot.key -out dovecot.csr
Subject:
countryName = CN
stateOrProvinceName = He Nan
organizationName = 163
organizationalUnitName = teconology
commonName = pop3.163.com
[root@mail certs]# vim /etc/dovecot.conf
[root@mail certs]# service dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]