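Task requirements
Tasks on server AppSrv
5. MAIL (POSTFIX-SMTPS & DOVECOT-IMAPS)
Postfix
Mail sending server for sdskill.com
Support SMTPS (465) connections, using a certificate issued by Rserver; certificate path /CA/cacert.pem
Create mailbox accounts "user1~user99" (99 users in total) with the password Chinaskill20!;
Dovecot
Mail receiving server for sdskill.com;
Support IMAPS (993) connections, using a certificate issued by Rserver; certificate path /CA/cacert.pem;
Keep at least two users that have logged in successfully and can send and receive mail normally, to make testing easier.
Implementation
Installation: (on CentOS only dovecot has to be installed, because postfix is installed by default)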
[root@appsrv ~]# yum install dovecot -y
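Request certificates: (here we use self-signed certificates; if CA-issued ones are needed, that was already done in the Apache service section above)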
[root@appsrv ~]# mkdir /CA
[root@appsrv ~]# openssl genrsa -out /CA/postfix.key
Generating RSA private key, 2048 bit long modulus
.....................................+++
.......................+++
e is 65537 (0x10001)
Postfix certificate:
[root@appsrv ~]# openssl req -new -x509 -key /CA/postfix.key -out /CA/postfix.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:China
Locality Name (eg, city) [Default City]:ShangDong
Organization Name (eg, company) [Default Company Ltd]:skills
Organizational Unit Name (eg, section) []:Operations Departments
Common Name (eg, your name or your server's hostname) []:smtp.sdskills.com
Email Address []:
[root@appsrv ~]#
Dovecot certificate:
[root@appsrv ~]# openssl genrsa -out /CA/dovecot.key
Generating RSA private key, 2048 bit long modulus
.......+++
.......................................................................................................+++
e is 65537 (0x10001)
[root@appsrv ~]# openssl req -x509 -new -key /CA/dovecot.key -out /CA/dovecot.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:China
Locality Name (eg, city) [Default City]:ShangDong
Organization Name (eg, company) [Default Company Ltd]:skills
Organizational Unit Name (eg, section) []:imap.sdskills.com
Common Name (eg, your name or your server's hostname) []:
Email Address []:
[root@appsrv ~]#
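Configure Postfix
[root@appsrv ~]# vim /etc/postfix/main.cf
Line 75: myhostname = mail.sdskills.com // this host's hostname; could be wjy.com
Line 83: mydomain = sdskills.com // server domain name
Line 99: myorigin = $mydomain // origin domain
Line 112: inet_interfaces = all // interfaces to listen on
Line 115: #inet_interfaces = localhost // comment out line 115
Line 164: mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain // destination domains; or comment out line 164 and uncomment line 165
Line 264: mynetworks = 0.0.0.0/0 // networks allowed to relay through this server (0.0.0.0/0 trusts every client)
Line 419: home_mailbox = Maildir/ // mail directory, under each user's home directory
Line 670: smtpd_use_tls = yes
Line 671: smtpd_tls_cert_file = /CA/postfix.crt
Line 672: smtpd_tls_key_file = /CA/postfix.key
Disable the plain port and enable port 465:
[root@appsrv ~]# vim /etc/postfix/master.cf
Line 11: #smtp inet n - n - - smtpd ## comment out port 25
Line 16: smtps inet n - n - - smtpd ## enable port 465
Line 28: -o smtpd_tls_wrappermode=yes ## uncomment to enable certificate authentication (TLS wrapper mode)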
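The master.cf edit above is easy to get half right, so here is an added example (not part of the original page) that audits a master.cf for the SMTPS-only layout. The function names active_options, audit_master_cf, good_cf and bad_cf are hypothetical, and both sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Sample master.cf text is constructed.

# Emit "service/type option" for every active entry; "-" marks the entry itself.
# Continuation lines (leading whitespace) attach to the last ACTIVE service, so
# an "-o" line uncommented under a still-commented service lands on the wrong one.
active_options() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[^ \t]/ { svc = $1 "/" $2; print svc, "-" }
        { for (i = 1; i < NF; i++) if ($i == "-o") print svc, $(i + 1) }
    ' "$1"
}

# Return 0 only if port 25 is off and smtps runs in TLS wrapper mode.
audit_master_cf() {
    opts=$(active_options "$1"); rc=0
    if printf '%s\n' "$opts" | grep -q '^smtp/inet -$'; then
        echo "FAIL: plain smtp (25) still enabled"; rc=1
    fi
    if ! printf '%s\n' "$opts" | grep -q '^smtps/inet -$'; then
        echo "FAIL: smtps (465) not enabled"; rc=1
    elif ! printf '%s\n' "$opts" | grep -q '^smtps/inet smtpd_tls_wrappermode=yes$'; then
        echo "FAIL: smtps has no smtpd_tls_wrappermode=yes"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: SMTPS only, implicit TLS"
    return "$rc"
}

# Constructed sample 1: the layout the steps above aim for.
good_cf() {
    printf '%s\n' '#smtp      inet  n  -  n  -  -  smtpd' \
        'smtps     inet  n  -  n  -  -  smtpd' \
        '  -o smtpd_tls_wrappermode=yes' \
        'pickup    unix  n  -  n  60 1  pickup'
}
# Constructed sample 2: "-o" uncommented but the smtps line itself forgotten,
# so wrapper mode silently attaches to the still-active smtp service.
bad_cf() {
    printf '%s\n' 'smtp      inet  n  -  n  -  -  smtpd' \
        '#smtps    inet  n  -  n  -  -  smtpd' \
        '  -o smtpd_tls_wrappermode=yes'
}

tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT
good_cf > "$tmp"; audit_master_cf "$tmp"
bad_cf  > "$tmp"; audit_master_cf "$tmp" || active_options "$tmp"
```

On the server, run audit_master_cf /etc/postfix/master.cf after editing and before restarting Postfix.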
Configure Dovecot:
[root@appsrv ~]# vim /etc/dovecot/dovecot.conf
Line 24: protocols = imaps ## enable imaps
[root@appsrv ~]# vim /etc/dovecot/conf.d/10-auth.conf
Line 10: disable_plaintext_auth = no
[root@appsrv ~]# vim /etc/dovecot/conf.d/10-mail.conf
Line 24: mail_location = maildir:~/Maildir ## uncomment
[root@appsrv ~]# vim /etc/dovecot/conf.d/10-ssl.conf
Line 14: ssl_cert = </CA/dovecot.crt
Line 15: ssl_key = </CA/dovecot.key
Create the 99 users:
[root@appsrv ~]# for i in $(seq 1 99);do useradd user$i;done
[root@appsrv ~]# for i in $(seq 1 99);do echo 'Chinaskill20!'|passwd --stdin user$i;done
更改用户 user1 的密码 。
passwd:所有的身份验证令牌已经成功更新。
更改用户 user2 的密码 。
passwd:所有的身份验证令牌已经成功更新。
更改用户 user3 的密码 。
passwd:所有的身份验证令牌已经成功更新。
更改用户 user4 的密码 。
passwd:所有的身份验证令牌已经成功更新。
更改用户 user5 的密码 。
passwd:所有的身份验证令牌已经成功更新。
.....................................
[root@appsrv ~]#
Restart the services and test:
[root@appsrv ~]# systemctl restart postfix.service
[root@appsrv ~]# systemctl restart dovecot.service
Client ping test: