smtp-tls配置笔记

anstan

重新编译postfix
# wget
ftp://postfix.cn99.com/postfix/official/postfix-2.2.9.tar.gz
# tar zxvf postfix-2.2.9.tar.gz
# cd postfix-2.2.9
# make -f Makefile.init makefiles \
'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -I/usr/local/include/sasl -DUSE_TLS' \
'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2 -lssl -lcrypto'
# make install

生成证书(for smtps)
# mkdir -p /etc/ssl/certs /etc/ssl/private
# openssl req -x509 -new -nodes -keyout /etc/ssl/mailkey.pem -out /etc/ssl/mailcert.pem -days 3650
提示让你输入一些信息
# chown root /etc/ssl/mailkey.pem
# chmod 400 /etc/ssl/mailkey.pem

配置postfix
# vi /etc/postfix/main.cf
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/mailkey.pem
smtpd_tls_cert_file = /etc/ssl/mailcert.pem
smtpd_tls_CAfile = /etc/ssl/mailcert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s

测试
重启postfix服务
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220
www.test.com
ESMTP "Version not Available"
(输入)
ehlo localhost
250-www.test.com
250-PIPELINING
250-SIZE 14336000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
如果看到
250-STARTTLS
说明tls正常了


本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u/2694/showart_86482.html