Using SSL on Dovecot to encrypt connections to the mail retrieval server
When describing a mail retrieval (POP/IMAP) server with strong security features, you cannot leave out its SSL support. SSL is an effective way to make sure that the data exchanged between server and client is protected and cannot be eavesdropped.
On the various Unix and Linux systems, Dovecot's SSL support is already set up by default. The only thing left for you to decide is whether to regenerate the cert and key on this server.
The dovecot-mkcert.sh script shipped with Dovecot
To make life easier for the administrator of a Dovecot mail retrieval server, the Dovecot package already includes the dovecot-mkcert.sh script. It greatly speeds up creating the cert and key for Dovecot, so I recommend using this script to create them. Of course, you can also create them yourself with the OpenSSL commands.
Inspecting the dovecot-mkcert.sh script
I recommend you read the contents of this file carefully, because it expects you to set up a conf file. (Here I use the OpenBSD default file paths; on Fedora you can find the paths with $ rpm -ql.)
On OpenBSD, dovecot-mkcert.sh is located at:
file:///usr/local/sbin/dovecot-mkcert.sh
The dovecot-openssl.cnf file
If you open dovecot-mkcert.sh and take a look, you will see that this shell script needs a file called dovecot-openssl.cnf:
OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/ssl}
OPENSSLCONFIG=${OPENSSLCONFIG-${SSLDIR}/dovecot-openssl.cnf}
If you are using OpenBSD, be aware of one thing: the OpenBSD dovecot package also ships a dovecot-openssl.cnf. It is installed at file:///usr/local/share/examples/dovecot/dovecot-openssl.cnf, but the config file this script actually uses to create the cert and key is /etc/ssl/dovecot-openssl.cnf. Keep this in mind.
Inspecting the dovecot-openssl.cnf file
Below is the content of dovecot-openssl.cnf.
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)
#C=FI

# State or Province Name (full name)
#ST=

# Locality Name (eg. city)
#L=Helsinki

# Organization (eg. company)
#O=Dovecot

# Organizational Unit Name (eg. section)
OU=IMAP server

# Common Name (*.example.com is also possible)
CN=imap.example.com

# E-mail contact
emailAddress=postmaster@example.com

[ cert_type ]
nsCertType = server
Because this file comes from the Dovecot source tree itself, dovecot-openssl.cnf is the same on Fedora and on OpenBSD.
Configuring it the way we usually do
In fact you can create it the same way you would create any SSL key and cert. The meaning of the individual fields was already explained on an earlier page:
http://www.samba.hk/?q=node/314
If you configure dovecot the way I usually do, you can fill in these fields as follows:
| CN = | Enter your server's FQDN here. Note that whatever hostname your clients use to connect to your imapd server is the name you must enter. |
| emailAddress = | Enter the address of your mail server's administrator here. For example, if your mail server is responsible for swpearl.com, you would probably enter postmaster@swpearl.com; by convention the mail server administrator's name is postmaster. |
For example, on the samba.hk mail server these two fields are filled in with the following values:
CN=mail.samba.hk
emailAddress=postmaster@samba.hk
Changing default_bits for stronger encryption
You can also change default_bits to get stronger encryption. For example, 1024 bits are used at the moment; you can raise this to 2048 bits, and then a cracker trying to decrypt the data exchanged between your server and its clients would need more than twice as long.
default_bits = 2048
Using dovecot-mkcert.sh
You might expect that once the configuration is done you can simply run dovecot-mkcert.sh to create the cert and key. But when you run it, you still get an extra message telling you that file:///etc/ssl/dovecotcert.pem already exists.
# dovecot-mkcert.sh
/etc/ssl/dovecotcert.pem already exists, won't overwrite
#
The reason is that installing dovecot already creates two files. (Their paths differ from system to system; on OpenBSD, for example, the two files are at the following paths.)
| /etc/ssl/dovecotcert.pem | This file holds Dovecot's public key. |
| /etc/ssl/private/dovecot.pem | This file holds Dovecot's private key. |
Because different systems use different paths, you can simply delete the first file the script reports, then run dovecot-mkcert.sh again; the script will then report the next file you need to delete. For example, here file:///etc/ssl/dovecotcert.pem is deleted first and dovecot-mkcert.sh is run again:
# dovecot-mkcert.sh
/etc/ssl/private/dovecot.pem already exists, won't overwrite
#
Once both files have been deleted, dovecot-mkcert.sh runs successfully and regenerates the mail server's SSL private key and public key.
# dovecot-mkcert.sh
Generating a 2048 bit RSA private key
.............+++
..................................................+++
writing new private key to '/etc/ssl/private/dovecot.pem'
-----
subject= /OU=IMAP server/CN=mail.samba.hk/emailAddress=postmaster@samba.hk
MD5 Fingerprint=BD:0C:0A:4A:AE:17:3B:E9:8A:D3:F7:9B:C3:5B:E9:0D
#
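The cnf edits recommended above (CN, emailAddress, default_bits) and the "already exists, won't overwrite" check that dovecot-mkcert.sh performs, combined into one POSIX shell script. This is an added example, not code from the page or from the Dovecot project; the default paths are the OpenBSD ones quoted above, and the openssl invocation in gen_cert is an assumption about what dovecot-mkcert.sh runs, so adjust both to your system.

```shell
#!/bin/sh
# Added example (not the page's or Dovecot's own code): set CN, emailAddress
# and default_bits in dovecot-openssl.cnf, then refuse to overwrite an existing
# cert or key the way dovecot-mkcert.sh does. Default paths are the OpenBSD
# ones quoted on the page (assumed); override them via the environment.

# set_cnf_field CNF KEY VALUE: rewrite the "KEY = value" line (commented
# "#KEY=" lines are left alone because the pattern anchors at line start).
set_cnf_field() {
    tmp="$1.tmp.$$"
    sed "s|^[[:space:]]*$2[[:space:]]*=.*|$2 = $3|" "$1" > "$tmp" && mv "$tmp" "$1"
}
# get_cnf_field CNF KEY: print the value of the first "KEY = value" line.
get_cnf_field() {
    sed -n "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*||p" "$1" | head -n 1
}
# cn_matches CNF HOST: succeed only if CN is the name clients connect to.
cn_matches() {
    [ "$(get_cnf_field "$1" CN)" = "$2" ]
}
# check_outputs CERT KEY: fail and name the file if either already exists.
check_outputs() {
    for f in "$1" "$2"; do
        if [ -e "$f" ]; then
            echo "$f already exists, won't overwrite" >&2
            return 1
        fi
    done
}
# prepare_cnf CNF FQDN EMAIL BITS: the three edits the page recommends.
prepare_cnf() {
    set_cnf_field "$1" CN "$2" &&
    set_cnf_field "$1" emailAddress "$3" &&
    set_cnf_field "$1" default_bits "$4"
}
# gen_cert CNF CERT KEY: self-signed cert + key (assumed to mirror mkcert's call).
gen_cert() {
    openssl req -new -x509 -nodes -config "$1" -out "$2" -keyout "$3" -days 365
}
# Usage: sh mkcert-prep.sh FQDN EMAIL [BITS]. With no arguments only the
# functions are defined, so the file can be sourced.
main() {
    cnf=${OPENSSLCONFIG-/etc/ssl/dovecot-openssl.cnf}
    cert=${CERTFILE-/etc/ssl/dovecotcert.pem}
    key=${KEYFILE-/etc/ssl/private/dovecot.pem}
    prepare_cnf "$cnf" "$1" "$2" "${3-2048}" && cn_matches "$cnf" "$1" &&
    check_outputs "$cert" "$key" && gen_cert "$cnf" "$cert" "$key"
}
if [ $# -ge 2 ]; then main "$@"; fi
```

Run it as `OPENSSLCONFIG=./dovecot-openssl.cnf CERTFILE=./cert.pem KEYFILE=./key.pem sh mkcert-prep.sh mail.example.com postmaster@example.com` to test against copies before touching /etc/ssl.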
A setting in dovecot.conf that affects Dovecot SSL connections
Now check your dovecot.conf; one setting in it affects how connections are accepted.
disable_plaintext_auth = no
On OpenBSD, when this parameter is set to yes, connections to the mail server that are not SSL-encrypted are refused. If you want your dovecot to also accept connection requests that arrive over non-SSL connections, set this parameter to no.
SSL key settings in dovecot.conf
You can also look in dovecot.conf to see where it keeps its SSL keys. If you do not know exactly what all of these parameters mean, do not change them.
...
#ssl_disable = no
...
ssl_cert_file = /etc/ssl/dovecotcert.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
...
At this point you have set up Dovecot's new encryption keys. Restart dovecot so that they take effect.
Connecting to the SSL-enabled Dovecot server with Outlook Express
First, be aware that Outlook Express only supports PLAIN login for IMAP servers. Therefore you cannot set this option to yes. Check and, if necessary, change the setting to the following:
disable_plaintext_auth = no
Also note that if you want Outlook Express to use an SSL connection, that is possible; you only need to change the setting here.