
[Mail] qmail SSL support

Posted 2014-07-05 23:09
Begin adding TLS support to qmail for the SMTP and POP services. Change to the following directory, then apply the netqmail-1.05-ucspitls-0.3.patch patch located under /usr/local/src:

#cd /usr/local/src/netqmail-1.05/netqmail-1.05
#patch -p2 < /usr/local/src/netqmail-1.05-ucspitls-0.3.patch


If qmail is currently running, stop it:
#qmailctl stop

Recompile and reinstall qmail:
#make
#make setup check


Configure the certificate:
#mkdir /var/qmail/ssl
#chown root /var/qmail/ssl
#chmod 700 /var/qmail/ssl
#cd /var/qmail/ssl

#umask 077

#openssl req -new -x509 -keyout key.enc -out cert -days 720
haide1014

#openssl rsa -in key.enc -out key
haide1014
#openssl dhparam -out dhparam 1024

#groupadd ssl
#useradd -g ssl -d /var/qmail ssl

In the /var/qmail/ssl/ directory, create a file named env with the following contents:
# Set these three
SSL_USER=ssl
SSL_GROUP=ssl
SSL_DIR=/var/qmail/ssl
# Enable UCSPI-TLS
UCSPITLS=1
# The rest are set based on the above three
SSL_CHROOT="$SSL_DIR"
CERTFILE="$SSL_DIR/cert"
KEYFILE="$SSL_DIR/key"
DHFILE="$SSL_DIR/dhparam"
SSL_UID=`id -u "$SSL_USER"`
if [ $? -ne 0 ]; then echo "No such user '$SSL_USER'" >&2; exit; fi
SSL_GID=`id -g "$SSL_GROUP"`
if [ $? -ne 0 ]; then echo "No such group '$SSL_GROUP'" >&2; exit; fi
# Export the variables used by other scripts
export SSL_CHROOT SSL_UID SSL_GID UCSPITLS CERTFILE KEYFILE DHFILE


#umask 022

Set up the qmail-smtpd script
Edit the qmail-smtpd run file, in /var/qmail/supervise/qmail-smtpd/run. There are three changes required:
The top of the file has several variable settings. Below these lines, include the SSL environment variable script we created above, using the shell's "dot" command, typed as a single period:

. /var/qmail/ssl/env

On the line that contains softlimit, add 10MB (10,000,000) to the number after the -m flag. This allows qmail-smtpd to use the extra memory required for SSL. For example, if it's currently 2000000, you would have for that line:

exec /usr/local/bin/softlimit -m 12000000 \

On the line that contains tcpserver, change tcpserver to sslserver -e -n, leaving all of the other flags in place. The line will now look something like:

/usr/local/bin/sslserver -e -n -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \


The modified qmail-smtpd run file:
#!/bin/sh
QmailDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
. /var/qmail/ssl/env
exec /usr/local/bin/softlimit -m 12000000 \
      /usr/local/bin/sslserver -e -n -v -R -l 0 \
      -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QmailDUID" -g "$NOFILESGID" 0 smtp \
    /var/qmail/bin/qmail-smtpd \
    /home/vpopmail/bin/vchkpw /bin/true 2>&1

Restart qmail:
#qmailctl start


Set up qmail-pop3d

Edit the qmail-pop3d run file, in /var/qmail/supervise/qmail-pop3d/run. There are three changes required:
Near the top of the file, between the #!/bin/sh line and the line that begins with exec, include the SSL environment variable script we created above, using the shell's "dot" command, typed as a single period:

. /var/qmail/ssl/env

On the line that contains softlimit, add 10MB (10,000,000) to the number after the -m flag. This allows qmail-smtpd to use the extra memory required for SSL. For example, if it's currently 2000000, you would have for that line:


exec /usr/local/bin/softlimit -m 12000000 \

On the line that contains tcpserver, change tcpserver to sslserver -e -n, leaving all of the other flags in place. The line will now look something like:

/usr/local/bin/sslserver -e -n -v -R -H -l 0 0 110 /var/qmail/bin/qmail-popup \

The modified qmail-pop3d file is as follows:



Restart qmail:
#qmailctl restart


Make qmail's SMTP support SSL authentication
1. Change directory to /var/qmail/supervise:

cd /var/qmail/supervise

2. Create a service directory and log directory:

mkdir -p qmail-smtpd-ssl/log

3. Copy the run file from the original service, and make it executable:

cp qmail-smtpd/run qmail-smtpd-ssl/
chmod 755 qmail-smtpd-ssl/run

4. Edit the run file (qmail-smtpd-ssl/run) in the following ways:
On the line after . /var/qmail/ssl/env, add unset UCSPITLS
On the line that contains sslserver, remove the -n flag.
On the next line, which will contain something like 0 smtp, change smtp to smtps; that tells sslserver to listen on the appropriate port for the SSL version of this service.

5. Set up a logging directory for this new service:
mkdir /var/log/qmail/smtpd-ssl
chown qmaill /var/log/qmail/smtpd-ssl

6. Set up the logging program for this new service, by creating a file in qmail-smtpd-ssl/log/run with these contents:
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t \
       /var/log/qmail/smtpd-ssl

Make sure the script is executable:

chmod 755 qmail-smtpd-ssl/log/run

7. Link the new service into the /service directory, to have it start automatically on boot:

ln -s /var/qmail/supervise/qmail-smtpd-ssl /service

8. Add the following to qmailctl's "start" section:

if svok /service/qmail-smtpd-ssl ; then
  svc -u /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log
else
  echo qmail-smtpd-ssl supervise not running
fi

9. Add the following to qmailctl's "stop" section:

echo "  qmail-smtpd-ssl"
svc -d /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log

10. Add the following to qmailctl's "stat" section:

svstat /service/qmail-smtpd-ssl
svstat /service/qmail-smtpd-ssl/log

11. Add the following to qmailctl's "pause" section:

echo "Pausing qmail-smtpd-ssl"
svc -p /service/qmail-smtpd-ssl

12. Add the following to qmailctl's "cont" section:

echo "Continuing qmail-smtpd-ssl"
svc -c /service/qmail-smtpd-ssl

14. Add the following to qmailctl's "restart" section:

echo "* Restarting qmail-smtpd-ssl."
svc -t /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log
Original: http://www.51itstudy.com/7814.html
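
The three edits from step 4, applied mechanically to a copy of the qmail-smtpd run file. This is an added example, not part of the original post; the function names are hypothetical and sample_run is a constructed copy of the run file shown in the post.

```shell
#!/bin/sh
# Added example: derive qmail-smtpd-ssl/run from the STARTTLS run file.

# Constructed sample input: the modified qmail-smtpd run file from the post.
sample_run() {
    cat <<'EOF'
#!/bin/sh
QmailDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
. /var/qmail/ssl/env
exec /usr/local/bin/softlimit -m 12000000 \
      /usr/local/bin/sslserver -e -n -v -R -l 0 \
      -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QmailDUID" -g "$NOFILESGID" 0 smtp \
    /var/qmail/bin/qmail-smtpd \
    /home/vpopmail/bin/vchkpw /bin/true 2>&1
EOF
}

# make_smtps_run: run file on stdin, SMTPS variant on stdout.
# Exits non-zero unless all three edits were applied.
make_smtps_run() {
    awk '
        # Edit 1: turn off UCSPITLS right after the SSL env file is sourced.
        /^\. \/var\/qmail\/ssl\/env[ \t]*$/ { print; print "unset UCSPITLS"; env = 1; next }
        # Edit 2: drop the -n flag on the sslserver line.
        /sslserver/ { if (sub(/ -n /, " ")) srv = 1 }
        # Edit 3: listen on the smtps port instead of smtp.
        / 0 smtp /  { if (sub(/ 0 smtp /, " 0 smtps ")) port = 1 }
        { print }
        END { if (!(env && srv && port)) exit 1 }
    '
}

# write_smtps_run SRC DST: install DST only when every edit succeeded.
write_smtps_run() {
    tmp="$2.tmp.$$"
    if make_smtps_run < "$1" > "$tmp"; then
        chmod 755 "$tmp" && mv "$tmp" "$2"
    else
        rm -f "$tmp"
        echo "refusing to write $2: $1 is not the expected run file" >&2
        return 1
    fi
}
```

Called as write_smtps_run qmail-smtpd/run qmail-smtpd-ssl/run from /var/qmail/supervise, it covers the copy, chmod and edit of steps 3 and 4, and leaves no half-edited run file behind if the source does not match.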

Posted 2014-07-06 19:43
I hope 139 can step up its efforts.