May 02
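Author: 肖建彬 | Reproduction is permitted; when reproducing, be sure to indicate the article's original source, the author information and the copyright notice in the form of a hyperlink
URL: http://www.xiaojb.com/archives/mailtech/postfixtls.shtml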

Postfix: http://www.postfix.org
OpenSSL: http://www.openssl.org

Configure:

make -f Makefile.init makefiles \
AUXLIBS="-L/usr/lib/mysql -lmysqlclient -lz -lm -L/home/postfix/sasl/lib -lsasl2 -L/usr/lib -lssl -lcrypto" \
CCARGS='-DRECEIVED_ENVELOPE_FROM -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/home/postfix/sasl/include/sasl \
        -DUSE_TLS -I/usr/include/openssl -I/usr/kerberos/include \
        -DHAS_MYSQL -I/usr/include/mysql \
        -DDEF_COMMAND_DIR=\"/home/postfix/sbin\" \
        -DDEF_DAEMON_DIR=\"/home/postfix/libexec\" \
        -DDEF_PROGRAM_DIR=\"/home/postfix/libexec\" \
        -DDEF_QUEUE_DIR=\"/home/postfix/spool\" \
        -DDEF_CONFIG_DIR=\"/home/postfix/etc\" \
        -DDEF_SENDMAIL_PATH=\"/home/postfix/sbin/sendmail\" \
        -DDEF_MAILQ_PATH=\"/home/postfix/bin/mailq\" \
        -DDEF_NEWALIAS_PATH=\"/home/postfix/bin/newaliases\" \
        -DDEF_SAMPLE_DIR=\"/home/postfix/doc/sample\"' \
OPT='-O2'

Install:

make || exit 2
sh postfix-install -non-interactive \
       install_root=/ \
       config_directory=/home/postfix/etc \
       daemon_directory=/home/postfix/libexec \
       command_directory=/home/postfix/sbin \
       queue_directory=/home/postfix/spool \
       sendmail_path=/home/postfix/sbin/sendmail \
       newaliases_path=/home/postfix/bin/newaliases \
       mailq_path=/usr/bin/mailq \
       mail_owner=postfix \
       setgid_group=postdrop \
       manpage_directory=/home/postfix/man \
       sample_directory=/home/postfix/doc/sample \
       readme_directory=/home/postfix/doc/README_FILES

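Generate the certificate:

mkdir /home/postfix/etc/tls
cd /home/postfix/etc/tls

# Self-signed certificate; -nodes leaves the private key unencrypted.
# With the stock openssl.cnf (default_keyfile) the key is written to privkey.pem.
openssl req -new -x509 -nodes -out cert.pem
# Key and certificate readable only by root and the postfix group
chown root:postfix *
chmod 640 *
cd ..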

Configuration file main.cf:

#smtpd-tls
smtpd_tls_cert_file = $config_directory/tls/cert.pem
smtpd_tls_key_file = $config_directory/tls/privkey.pem
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
tls_daemon_random_source = dev:/dev/urandom
#smtpd_tls_auth_only = yes

Enable the smtps daemon (master.cf):

smtps     inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_tls_auth_only=yes

smtpd_tls_auth_only means that authentication is allowed only over a secure (TLS) transport.

That's it. Run postfix reload and start testing.
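A check worth running before testing, as an added example that is not part of the original article: it merges the main.cf settings above with each smtpd service's -o overrides and lists the services where smtpd_tls_auth_only is not in effect. The embedded input is constructed from the lines on this page; the plain smtp service line and the function names are assumptions.

```python
# Constructed sample input mirroring the main.cf and master.cf lines above.
# The plain "smtp" service line is an assumption (stock Postfix default entry).
MAIN_CF = """\
#smtpd-tls
smtpd_tls_cert_file = $config_directory/tls/cert.pem
smtpd_tls_key_file = $config_directory/tls/privkey.pem
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
tls_daemon_random_source = dev:/dev/urandom
#smtpd_tls_auth_only = yes
"""
MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_tls_auth_only=yes
"""

def parse_main(text):
    """Return active main.cf parameters; lines starting with '#' are comments."""
    params = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def effective(main_text, master_text):
    """Map each smtpd service to main.cf values plus its own -o overrides."""
    base, services = parse_main(main_text), {}
    for line in master_text.splitlines():
        fields = line.split()
        if len(fields) < 8 or line.startswith("#") or fields[7] != "smtpd":
            continue
        params, args = dict(base), fields[8:]
        for i, arg in enumerate(args[:-1]):
            if arg == "-o" and "=" in args[i + 1]:
                name, value = args[i + 1].split("=", 1)
                params[name] = value
        services[fields[0]] = params
    return services

def plaintext_auth_services(main_text, master_text):
    """Services where SASL AUTH, if enabled, is not restricted to TLS sessions."""
    return [name for name, p in effective(main_text, master_text).items()
            if p.get("smtpd_tls_auth_only", "no") != "yes"]

if __name__ == "__main__":
    print(plaintext_auth_services(MAIN_CF, MASTER_CF))
```

With smtpd_tls_auth_only commented out in main.cf, only the smtps service enforces it; uncommenting that line applies it to every smtpd service.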
