Postfix-TLS
From DebianWiki
Required packages
postfix-tls openssl
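Introduction
For security reasons, we want all information to be encrypted during any network connection, so that even if network packets are intercepted, the captured data will be very hard to decipher.
Postfix can also use TLS (Transport Layer Security) to provide this kind of protection. TLS is the successor to the well-known SSL and uses public/private key technology to encrypt the connection data.
Enabling TLS support in Postfix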
- First, change to the /etc/postfix directory and generate a public/private key pair (the command writes a self-signed certificate to cert.pem and the private key to privkey.pem):
```
# cd /etc/postfix/
# openssl req -new -x509 -nodes -out cert.pem
Generating a 1024 bit RSA private key
.....................++++++
...++++++
writing new private key to 'privkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:fake
Organizational Unit Name (eg, section) []:Admin
Common Name (eg, YOUR name) []:Tetralet
Email Address []:tetralet@fake.com
```
  The key in this transcript is 1024-bit RSA, a size that is no longer considered adequate; a new key should be at least 2048 bits.
- Restrict the permissions on the certificate and key files, for safety:
```
# chown root:postfix cert.pem privkey.pem
# chmod 640 cert.pem privkey.pem
```
- Edit /etc/postfix/main.cf and add the TLS settings:
```
cat >> /etc/postfix/main.cf << EOF
# Enable TLS Connection
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/privkey.pem
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
tls_daemon_random_source = dev:/dev/urandom
EOF
```
- Edit /etc/postfix/master.cf and remove the comment marker in front of smtps to enable SMTPS:
```
# only used by postfix-tls
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
smtps     inet  n       -       n       -       -       smtpd -v -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#587      inet  n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
```
- Restart Postfix:
```
/etc/init.d/postfix restart
```
That's it, all done! You can now use Mozilla Mail to check whether mail can be sent correctly over SMTPS.
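To confirm the settings from the steps above before testing with a mail client, the following Python script (an added example, not part of the original wiki page) parses main.cf text and checks the three smtpd TLS parameters set above, plus the 640 mode on the key file. The function names and the sample data in demo() are constructed for illustration, and file ownership is not checked.

```python
import os
import stat
import tempfile


def parse_main_cf(text):
    """Return {parameter: value}; the last assignment of a name wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank lines and comments are ignored
        if raw[0].isspace() and current:  # leading whitespace continues a value
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params


def audit(params):
    """Findings where main.cf or the key's mode deviates from the steps above."""
    findings = []
    if params.get("smtpd_use_tls") != "yes":
        findings.append("smtpd_use_tls is not 'yes'")
    for name in ("smtpd_tls_cert_file", "smtpd_tls_key_file"):
        path = params.get(name)
        if not path:
            findings.append(f"{name} is not set")
        elif not os.path.exists(path):
            findings.append(f"{name}: {path} is missing or inaccessible")
        elif name == "smtpd_tls_key_file" and stat.S_IMODE(os.stat(path).st_mode) & ~0o640:
            findings.append(f"{path} is more permissive than mode 640")
    return findings


def demo():
    """Constructed sample: world-readable key, cert path on a continuation line."""
    d = tempfile.mkdtemp()
    cert, key = os.path.join(d, "cert.pem"), os.path.join(d, "privkey.pem")
    for path, mode in ((cert, 0o640), (key, 0o644)):
        open(path, "w").close()
        os.chmod(path, mode)
    conf = f"# constructed\nsmtpd_tls_cert_file =\n  {cert}\nsmtpd_tls_key_file = {key}\nsmtpd_use_tls = yes\n"
    return audit(parse_main_cf(conf))


if __name__ == "__main__":
    print("\n".join(demo()))
```

On a real host, pass the contents of /etc/postfix/main.cf to parse_main_cf() and run audit() on the result; an empty list means the three parameters and the key mode match this page.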