Configuring SSL/TLS in Postfix, Dovecot: difference between revisions
Danil (talk | contribs)  (New page: «Here are the basic steps for configuring SSL/TLS for the Postfix mail server and the Doveco…»)  | 
				Danil (talk | contribs)   | 
| Строка 1: | Строка 1: | ||
| − | Здесь описаны основные шаги по настройке SSL/TLS для почтового сервера Postfix и IMAP-сервера Dovecot.  | + | |
| + | 										<p>Здесь описаны основные шаги по настройке SSL/TLS для почтового сервера Postfix и IMAP-сервера Dovecot.</p>  | ||
| + | <p>Первое что необходимо сделать это сгенерировать корневой самоподписанный сертификат. Для этого необходимо, чтобы в системе был установлен пакет OpenSSL. Командой ниже запустится мастер создания сертификата. Главное, правильно указать “common name” – полное доменное имя сервер, и поле “password” нужно оставить пустым.</p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->  | ||
| − | + | 		<div id="crayon-5c66d22f7f856481016074" class="crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate" data-settings=" minimize scroll-mouseover" style=" margin-top: 12px; margin-bottom: 12px; float: none; margin-left: auto; margin-right: auto; font-size: 12px !important; line-height: 15px !important;">  | |
| + | |||
| + | 			<div class="crayon-plain-wrap"><textarea wrap="soft" class="crayon-plain print-no" data-settings="dblclick" readonly style="-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;">  | ||
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/mail.pem -keyout /etc/ssl/mail.pem  | openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/mail.pem -keyout /etc/ssl/mail.pem  | ||
| − | 1  | + | </textarea></div>  | 
| − | 2  | + | 			<div class="crayon-main" style="">  | 
| − | 3  | + | 				<table class="crayon-table">  | 
| − | + | 					<tr class="crayon-row">  | |
| − | + | 				<td class="crayon-nums " data-settings="hide">  | |
| − | openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/mail.pem -keyout /etc/ssl/mail.pem  | + | 					<div class="crayon-nums-content" style="font-size: 12px !important; line-height: 15px !important;"><div class="crayon-num" data-line="crayon-5c66d22f7f856481016074-1">1</div><div class="crayon-num" data-line="crayon-5c66d22f7f856481016074-2">2</div><div class="crayon-num" data-line="crayon-5c66d22f7f856481016074-3">3</div></div>  | 
| − | + | 				</td>  | |
| − | + | 						<td class="crayon-code"><div class="crayon-pre" style="font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;"><div class="crayon-line" id="crayon-5c66d22f7f856481016074-1"> </div><div class="crayon-line" id="crayon-5c66d22f7f856481016074-2"><span class="crayon-e">openssl </span><span class="crayon-v">req</span><span class="crayon-h"> </span><span class="crayon-o">-</span><span class="crayon-r">new</span><span class="crayon-h"> </span><span class="crayon-o">-</span><span class="crayon-v">x509</span><span class="crayon-h"> </span><span class="crayon-o">-</span><span class="crayon-i">days</span><span class="crayon-h"> </span><span class="crayon-cn">3650</span><span class="crayon-h"> </span><span class="crayon-o">-</span><span class="crayon-v">nodes</span><span class="crayon-h"> </span><span class="crayon-o">-</span><span class="crayon-v">out</span><span class="crayon-h"> </span><span class="crayon-o">/</span><span class="crayon-v">etc</span><span class="crayon-o">/</span><span class="crayon-v">ssl</span><span class="crayon-o">/</span><span class="crayon-v">mail</span><span class="crayon-sy">.</span><span class="crayon-v">pem</span><span class="crayon-h"> </span><span class="crayon-o">-</span><span class="crayon-v">keyout</span><span class="crayon-h"> </span><span class="crayon-o">/</span><span class="crayon-v">etc</span><span class="crayon-o">/</span><span class="crayon-v">ssl</span><span class="crayon-o">/</span><span class="crayon-v">mail</span><span class="crayon-sy">.</span><span class="crayon-i">pem</span></div><div class="crayon-line" id="crayon-5c66d22f7f856481016074-3"> </div></div></td>  | |
| − | Установите права доступа к файлу сертификата root:root 0400  | + | 					</tr>  | 
| − | + | 				</table>  | |
| − | Настройка Postfix  | + | 			</div>  | 
| + | 		</div>  | ||
| + | <!-- [Format Time: 0.0014 seconds] -->  | ||
| + | <p>Установите права доступа к файлу сертификата <strong>root:root 0400</strong><span id="more-90"></span></p>  | ||
| + | <p><strong>Настройка Postfix</strong></p>  | ||
| + | <p>Добавьте/раскомментируйте/отредактируйте следующие строки в файле main.cf:</p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->  | ||
| − | + | 		<div id="crayon-5c66d22f7f86c289678365" class="crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate" data-settings=" minimize scroll-mouseover" style=" margin-top: 12px; margin-bottom: 12px; float: none; margin-left: auto; margin-right: auto; font-size: 12px !important; line-height: 15px !important;">  | |
| + | |||
| + | 			<div class="crayon-plain-wrap"><textarea wrap="soft" class="crayon-plain print-no" data-settings="dblclick" readonly style="-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;">  | ||
--------------  | --------------  | ||
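Review bot: On the added side, the `openssl req` step is stored as the Crayon highlighter's rendered HTML (the `crayon-syntax` div, a `textarea` and a `crayon-table`) instead of a code block in wiki markup, so the command appears twice in the page source and the line-number cells (1 2 3) leak into the text; replace that markup with one preformatted block holding the single command. The same command passes `/etc/ssl/mail.pem` to both `-out` and `-keyout` together with `-nodes`, so the file holds an unencrypted private key; the `root:root 0400` step that follows would be better given as explicit commands directly after it.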
| Строка 23: | Строка 34: | ||
smtpd_tls_cert_file = /etc/ssl/mail.pem  | smtpd_tls_cert_file = /etc/ssl/mail.pem  | ||
--------------  | --------------  | ||
| − | 1  | + | </textarea></div>  | 
| − | 2  | + | 			<div class="crayon-main" style="">  | 
| − | 3  | + | 				<table class="crayon-table">  | 
| − | 4  | + | 					<tr class="crayon-row">  | 
| − | 5  | + | 				<td class="crayon-nums " data-settings="hide">  | 
| − | 6  | + | 					<div class="crayon-nums-content" style="font-size: 12px !important; line-height: 15px !important;"><div class="crayon-num" data-line="crayon-5c66d22f7f86c289678365-1">1</div><div class="crayon-num" data-line="crayon-5c66d22f7f86c289678365-2">2</div><div class="crayon-num" data-line="crayon-5c66d22f7f86c289678365-3">3</div><div class="crayon-num" data-line="crayon-5c66d22f7f86c289678365-4">4</div><div class="crayon-num" data-line="crayon-5c66d22f7f86c289678365-5">5</div><div class="crayon-num" data-line="crayon-5c66d22f7f86c289678365-6">6</div><div class="crayon-num" data-line="crayon-5c66d22f7f86c289678365-7">7</div></div>  | 
| − | 7  | + | 				</td>  | 
| − | + | 						<td class="crayon-code"><div class="crayon-pre" style="font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;"><div class="crayon-line" id="crayon-5c66d22f7f86c289678365-1"> </div><div class="crayon-line" id="crayon-5c66d22f7f86c289678365-2"><span class="crayon-o">--</span><span class="crayon-o">--</span><span class="crayon-o">--</span><span class="crayon-o">--</span><span class="crayon-o">--</span><span class="crayon-o">--</span><span class="crayon-o">--</span></div><div class="crayon-line" id="crayon-5c66d22f7f86c289678365-3"><span class="crayon-v">smtpd_use_tls</span><span class="crayon-h"> </span><span class="crayon-o">=</span><span class="crayon-h"> </span><span class="crayon-e">yes</span></div><div class="crayon-line" id="crayon-5c66d22f7f86c289678365-4"><span class="crayon-v">smtpd_tls_key_file</span><span class="crayon-h"> </span><span class="crayon-o">=</span><span class="crayon-h"> </span><span class="crayon-o">/</span><span class="crayon-v">etc</span><span class="crayon-o">/</span><span class="crayon-v">ssl</span><span class="crayon-o">/</span><span class="crayon-v">mail</span><span class="crayon-sy">.</span><span class="crayon-e">pem</span></div><div class="crayon-line" id="crayon-5c66d22f7f86c289678365-5"><span class="crayon-v">smtpd_tls_cert_file</span><span class="crayon-h"> </span><span class="crayon-o">=</span><span class="crayon-h"> </span><span class="crayon-o">/</span><span class="crayon-v">etc</span><span class="crayon-o">/</span><span class="crayon-v">ssl</span><span class="crayon-o">/</span><span class="crayon-v">mail</span><span class="crayon-sy">.</span><span class="crayon-v">pem</span></div><div class="crayon-line" id="crayon-5c66d22f7f86c289678365-6"><span class="crayon-o">--</span><span class="crayon-o">--</span><span class="crayon-o">--</span><span class="crayon-o">--</span><span class="crayon-o">--</span><span class="crayon-o">--</span><span 
class="crayon-o">--</span></div><div class="crayon-line" id="crayon-5c66d22f7f86c289678365-7"> </div></div></td>  | |
| − | + | 					</tr>  | |
| − | --------------  | + | 				</table>  | 
| − | smtpd_use_tls = yes  | + | 			</div>  | 
| − | smtpd_tls_key_file = /etc/ssl/mail.pem  | + | 		</div>  | 
| − | smtpd_tls_cert_file = /etc/ssl/mail.pem  | + | <!-- [Format Time: 0.0014 seconds] -->  | 
| − | --------------  | + | <p>В файле /etc/postfix/master.cf раскомментируем следующие строки:</p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->  | 
| − | |||
| − | + | 		<div id="crayon-5c66d22f7f879040565600" class="crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate" data-settings=" minimize scroll-mouseover" style=" margin-top: 12px; margin-bottom: 12px; float: none; margin-left: auto; margin-right: auto; font-size: 12px !important; line-height: 15px !important;">  | |
| + | |||
| + | 			<div class="crayon-plain-wrap"><textarea wrap="soft" class="crayon-plain print-no" data-settings="dblclick" readonly style="-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;">  | ||
smtps inet n - n - - smtpd  | smtps inet n - n - - smtpd  | ||
-o smtpd_tls_wrappermode=yes  | -o smtpd_tls_wrappermode=yes  | ||
-o smtpd_sasl_auth_enable=yes  | -o smtpd_sasl_auth_enable=yes  | ||
| − | 1  | + | </textarea></div>  | 
| − | 2  | + | 			<div class="crayon-main" style="">  | 
| − | 3  | + | 				<table class="crayon-table">  | 
| − | 4  | + | 					<tr class="crayon-row">  | 
| − | 5  | + | 				<td class="crayon-nums " data-settings="hide">  | 
| − | + | 					<div class="crayon-nums-content" style="font-size: 12px !important; line-height: 15px !important;"><div class="crayon-num" data-line="crayon-5c66d22f7f879040565600-1">1</div><div class="crayon-num" data-line="crayon-5c66d22f7f879040565600-2">2</div><div class="crayon-num" data-line="crayon-5c66d22f7f879040565600-3">3</div><div class="crayon-num" data-line="crayon-5c66d22f7f879040565600-4">4</div><div class="crayon-num" data-line="crayon-5c66d22f7f879040565600-5">5</div></div>  | |
| − | + | 				</td>  | |
| − | smtps inet n - n - - smtpd  | + | 						<td class="crayon-code"><div class="crayon-pre" style="font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;"><div class="crayon-line" id="crayon-5c66d22f7f879040565600-1"> </div><div class="crayon-line" id="crayon-5c66d22f7f879040565600-2"><span class="crayon-e">smtps </span><span class="crayon-i">inet</span><span class="crayon-h"> </span><span class="crayon-v">n</span><span class="crayon-h"> </span><span class="crayon-o">-</span><span class="crayon-h"> </span><span class="crayon-v">n</span><span class="crayon-h"> </span><span class="crayon-o">-</span><span class="crayon-h"> </span><span class="crayon-o">-</span><span class="crayon-h"> </span><span class="crayon-v">smtpd</span></div><div class="crayon-line" id="crayon-5c66d22f7f879040565600-3"><span class="crayon-o">-</span><span class="crayon-i">o</span><span class="crayon-h"> </span><span class="crayon-v">smtpd_tls_wrappermode</span><span class="crayon-o">=</span><span class="crayon-v">yes</span></div><div class="crayon-line" id="crayon-5c66d22f7f879040565600-4"><span class="crayon-o">-</span><span class="crayon-i">o</span><span class="crayon-h"> </span><span class="crayon-v">smtpd_sasl_auth_enable</span><span class="crayon-o">=</span><span class="crayon-i">yes</span></div><div class="crayon-line" id="crayon-5c66d22f7f879040565600-5"> </div></div></td>  | 
| − | -o smtpd_tls_wrappermode=yes  | + | 					</tr>  | 
| − | -o smtpd_sasl_auth_enable=yes  | + | 				</table>  | 
| − | + | 			</div>  | |
| + | 		</div>  | ||
| + | <!-- [Format Time: 0.0010 seconds] -->  | ||
| + | <p><strong>Настройка Dovecot</strong></p>  | ||
| + | <p>В dovecot.conf надо прописать:</p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->  | ||
| − | + | 		<div id="crayon-5c66d22f7f885427475282" class="crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate" data-settings=" minimize scroll-mouseover" style=" margin-top: 12px; margin-bottom: 12px; float: none; margin-left: auto; margin-right: auto; font-size: 12px !important; line-height: 15px !important;">  | |
| + | |||
| + | 			<div class="crayon-plain-wrap"><textarea wrap="soft" class="crayon-plain print-no" data-settings="dblclick" readonly style="-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;">  | ||
| − | + | ssl_cert = </etc/ssl/mail.pem  | |
| − | + | ssl_key = </etc/ssl/mail.pem    | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | ssl_cert =   | ||
| − | ssl_key =   | ||
#И включаем SSL  | #И включаем SSL  | ||
ssl = yes  | ssl = yes  | ||
| + | </textarea></div>  | ||
| + | 			<div class="crayon-main" style="">  | ||
| + | 				<table class="crayon-table">  | ||
| + | 					<tr class="crayon-row">  | ||
| + | 				<td class="crayon-nums " data-settings="hide">  | ||
| + | 					<div class="crayon-nums-content" style="font-size: 12px !important; line-height: 15px !important;"><div class="crayon-num" data-line="crayon-5c66d22f7f885427475282-1">1</div><div class="crayon-num" data-line="crayon-5c66d22f7f885427475282-2">2</div><div class="crayon-num" data-line="crayon-5c66d22f7f885427475282-3">3</div><div class="crayon-num" data-line="crayon-5c66d22f7f885427475282-4">4</div><div class="crayon-num" data-line="crayon-5c66d22f7f885427475282-5">5</div><div class="crayon-num" data-line="crayon-5c66d22f7f885427475282-6">6</div></div>  | ||
| + | 				</td>  | ||
| + | 						<td class="crayon-code"><div class="crayon-pre" style="font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;"><div class="crayon-line" id="crayon-5c66d22f7f885427475282-1"> </div><div class="crayon-line" id="crayon-5c66d22f7f885427475282-2"><span class="crayon-v">ssl_cert</span><span class="crayon-h"> </span><span class="crayon-o">=</span><span class="crayon-h"> </span><span class="crayon-o"><</span><span class="crayon-o">/</span><span class="crayon-v">etc</span><span class="crayon-o">/</span><span class="crayon-v">ssl</span><span class="crayon-o">/</span><span class="crayon-v">mail</span><span class="crayon-sy">.</span><span class="crayon-e">pem</span></div><div class="crayon-line" id="crayon-5c66d22f7f885427475282-3"><span class="crayon-v">ssl_key</span><span class="crayon-h"> </span><span class="crayon-o">=</span><span class="crayon-h"> </span><span class="crayon-o"><</span><span class="crayon-o">/</span><span class="crayon-v">etc</span><span class="crayon-o">/</span><span class="crayon-v">ssl</span><span class="crayon-o">/</span><span class="crayon-v">mail</span><span class="crayon-sy">.</span><span class="crayon-v">pem</span><span class="crayon-h"> </span></div><div class="crayon-line" id="crayon-5c66d22f7f885427475282-4"><span class="crayon-p">#И включаем SSL</span></div><div class="crayon-line" id="crayon-5c66d22f7f885427475282-5"><span class="crayon-v">ssl</span><span class="crayon-h"> </span><span class="crayon-o">=</span><span class="crayon-h"> </span><span class="crayon-i">yes</span></div><div class="crayon-line" id="crayon-5c66d22f7f885427475282-6"> </div></div></td>  | ||
| + | 					</tr>  | ||
| + | 				</table>  | ||
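Review bot: The `ssl_cert =` and `ssl_key =` lines on the removed side have lost their values, and the added side restores `</etc/ssl/mail.pem` only inside pasted Crayon HTML; keep the restored values but store them as a plain preformatted block. In the `smtps` service entry the two `-o` lines start at column one, and master.cf treats a line as a continuation only when it begins with whitespace, so they should be indented. `smtpd_use_tls = yes` is the legacy form of opportunistic TLS; since Postfix 2.3 the equivalent setting is `smtpd_tls_security_level = may`.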
Revision as of 14:57, 15 February 2019
Here are the basic steps for configuring SSL/TLS for the Postfix mail server and the Dovecot IMAP server.
The first step is to generate a self-signed root certificate. This requires the OpenSSL package to be installed on the system. The command below starts the interactive certificate prompt. The important part is to set the “common name” correctly, to the server's fully qualified domain name, and to leave the “password” field empty.
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/mail.pem -keyout /etc/ssl/mail.pem
Set the owner and permissions of the certificate file, which also contains the private key, to root:root 0400.
Configuring Postfix
Add, uncomment or edit the following lines in main.cf:
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/ssl/mail.pem
smtpd_tls_cert_file = /etc/ssl/mail.pem
In /etc/postfix/master.cf, uncomment the following lines:
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
Configuring Dovecot
In dovecot.conf, set:
ssl_cert = </etc/ssl/mail.pem
ssl_key = </etc/ssl/mail.pem
# And enable SSL
ssl = yes
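
The procedure above leaves one PEM file that holds both the certificate and the unencrypted key and is referenced from main.cf and dovecot.conf. The following added example (not part of the original wiki page) extracts the referenced paths from a config file and flags any that contain a private key but are not mode 0400 and owned by the expected uid. The function names, the EXPECT_UID variable and the sample files are constructed for the illustration.

```shell
#!/bin/sh
# Added example: flag key files referenced by the Postfix/Dovecot TLS
# settings that are not mode 0400 and owned by the expected uid.
EXPECT_UID="${EXPECT_UID:-0}"    # the page asks for root ownership (uid 0)
NAMES='smtpd_tls_key_file|smtpd_tls_cert_file|ssl_key|ssl_cert'

# Print the unique paths set by those parameters in config file $1.
# Accepts Postfix "name = /path" and Dovecot "name = </path"; skips comments.
tls_paths() {
    sed -n -E "s/^[[:space:]]*($NAMES)[[:space:]]*=[[:space:]]*<?([^[:space:]]+).*\$/\\2/p" "$1" | sort -u
}

# Succeed only for a regular file with mode r-------- owned by EXPECT_UID.
locked_down() {
    [ -f "$1" ] || return 1
    mode=$(ls -ldn "$1" | cut -c1-10)
    owner=$(ls -ldn "$1" | awk '{print $3}')
    [ "$mode" = "-r--------" ] && [ "$owner" = "$EXPECT_UID" ]
}

# Audit config file $1: one finding per line, exit status 1 if any.
# Run as root so that correctly protected key files can still be read.
audit_conf() {
    rc=0
    for p in $(tls_paths "$1"); do
        if [ ! -f "$p" ]; then
            echo "MISSING $p"; rc=1
        elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$p" && ! locked_down "$p"; then
            echo "LOOSE_KEY $p"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files (placeholder text, no real key) in directory $1.
make_fixture() {
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed-placeholder' \
        '-----END PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' \
        'constructed-placeholder' '-----END CERTIFICATE-----' > "$1/mail.pem"
    chmod 0644 "$1/mail.pem"
    printf '%s\n' 'smtpd_use_tls = yes' "smtpd_tls_key_file = $1/mail.pem" \
        "smtpd_tls_cert_file = $1/mail.pem" > "$1/main.cf"
    printf '%s\n' "ssl_cert = <$1/mail.pem" "ssl_key = <$1/mail.pem" \
        '#And enable SSL' 'ssl = yes' > "$1/dovecot.conf"
}

d=$(mktemp -d)
make_fixture "$d"
EXPECT_UID=$(id -u)              # demo runs unprivileged; keep 0 on a server
audit_conf "$d/main.cf" || true  # reports LOOSE_KEY while the file is 0644
chmod 0400 "$d/mail.pem"
audit_conf "$d/dovecot.conf" && echo "clean after chmod 0400"
rm -rf "$d"
```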