您的位置：首页 > 其它

Postfix邮箱(五)：安装Courier-IMAP以及TLS安全传输

2014-12-17 09:45 531 查看

说明：Courier-IMAP用于实现 pop3、imap 接收邮件功能，支持TLS安全传输；
SMTP同样可以支持TLS安全传输，本文最后将列出配置；
Transport Layer Security (TLS, 原名SSL)，能以加密技术来保证TCP通信的私密性（信息不外泄）与完整性。

一、实现POP3、IMAP基本功能
1、安装Courier-IMAP

[root@mail ~]# cd /usr/local/src
[root@mail src]# wget http://ncu.dl.sourceforge.net/project/courier/imap/4.15.1/courier-imap-4.15.1.tar.bz2 [root@mail src]# tar -jxf courier-imap-4.15.1.tar.bz2
[root@mail src]# cd courier-imap-4.15.1
[root@mail courier-imap-4.15.1]# ./configure  --enable-workarounds-for-imap-client-bugs --with-authchangepwdir --enable-unicode --with-trashquota --disable-root-check
[root@mail courier-imap-4.15.1]# make
[root@mail courier-imap-4.15.1]# make install
[root@mail courier-imap-4.15.1]# make install-configure

查看安装说明：

[root@mail courier-imap-4.15.1]# more INSTALL

软件包已上传到以下链接：
http://down.51cto.com/data/1955875

2、启动程序

[root@mail courier-imap-4.15.1]# cd /usr/lib/courier-imap/
[root@mail courier-imap]# /usr/lib/courier-imap/libexec/imapd.rc start
[root@mail courier-imap]# echo "/usr/lib/courier-imap/libexec/imapd.rc start" >> /etc/rc.local
[root@mail courier-imap]# ps aux|grep imapd
root     46134  0.0  0.0   4068   340 ?        S    16:41   0:00 /usr/local/sbin/courierlogger -pid=/var/run/imapd.pid -start -name=imapd /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 143 /usr/lib/courier-imap/sbin/imaplogin /usr/lib/courier-imap/bin/imapd Maildir
root     46135  0.1  0.0   8280   636 ?        S    16:41   0:00 /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 143 /usr/lib/courier-imap/sbin/imaplogin /usr/lib/courier-imap/bin/imapd Maildir
root     46137  0.0  0.0 103256   848 pts/1    S+   16:41   0:00 grep imapd
[root@mail courier-imap]# netstat -tnlp|grep 143
tcp6       0      0 :::143                  :::*                    LISTEN      32666/couriertcpd

[root@mail courier-imap]# /usr/lib/courier-imap/libexec/pop3d.rc start
[root@mail courier-imap]# echo "/usr/lib/courier-imap/libexec/pop3d.rc start" >> /etc/rc.local
[root@mail courier-imap]# ps aux|grep pop3d
root     46149  0.0  0.0   4068   344 ?        S    16:42   0:00 /usr/local/sbin/courierlogger -pid=/var/run/pop3d.pid -start -name=pop3d /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 110 /usr/lib/courier-imap/sbin/pop3login /usr/lib/courier-imap/bin/pop3d Maildir
root     46150  0.0  0.0   8280   632 ?        S    16:42   0:00 /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 110 /usr/lib/courier-imap/sbin/pop3login /usr/lib/courier-imap/bin/pop3d Maildir
root     46155  0.0  0.0 103256   848 pts/1    S+   16:42   0:00 grep pop3d
[root@mail courier-imap]# netstat -tnlp|grep 110
tcp6       0      0 :::110                  :::*                    LISTEN      32761/couriertcpd

说明：以上分别启动了pop3d和imapd服务，端口使用110和143，通常在设置邮箱客户端(outlook等)时可以看到默认设置的端口号就是这两个。

3、设置imapd、pop3为启用状态

[root@mail courier-imap]# sed -i 's/IMAPDSTART=NO/IMAPDSTART=YES/g' etc/imapd
[root@mail courier-imap]# sed -i 's/POP3DSTART=NO/POP3DSTART=YES/g' etc/pop3d

4、设置防火墙

[root@mail ~]# iptables -I INPUT -p tcp -m multiport --dport 110,143 -j ACCEPT
[root@mail ~]# service iptables save

5、测试端口连接

[root@mail courier-imap]# telnet localhost 110
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.
user postmaster@yourmail.com      #输入用户账号
+OK Password required.
pass extmail                      #输入用户密码
+OK logged in.
list                              #显示邮件列表
+OK POP3 clients that break here, they violate STD53.
1 6
2 716
3 923
4 1197
.
quit                              #退出
+OK Bye-bye.
Connection closed by foreign host.

[root@mail courier-imap]# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA
IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready.
Copyright 1998-2011 Double Precision, Inc.
See COPYING for distribution information.
tag login postmaster@yourmail.com extmail   #输入登陆账号、密码
tag OK LOGIN Ok.                            #显示登陆成功
tag logout                                  #退出
* BYE Courier-IMAP server shutting down
tag OK LOGOUT completed
Connection closed by foreign host.

说明：POP3和IMAP功能正常

二、增加SSL支持

1、安装OpenSSL
安装httpd时已自动安装上了OpenSSL：

[root@mail courier-imap]# rpm -aq|grep openssl
openssl-1.0.1e-30.el6_6.4.x86_64
openssl-devel-1.0.1e-30.el6_6.4.x86_64

2、配置Courier-IMAP支持SSL

[root@mail courier-imap]# sed -i 's/IMAPDSSLSTART=NO/IMAPDSSLSTART=YES/g' etc/imapd-ssl
[root@mail courier-imap]# sed -i 's/POP3DSSLSTART=NO/POP3DSSLSTART=YES/g' etc/pop3d-ssl

3、启动Courier-IMAP的ssl程序

[root@mail courier-imap]# /usr/lib/courier-imap/libexec/imapd-ssl.rc start
[root@mail courier-imap]# /usr/lib/courier-imap/libexec/pop3d-ssl.rc start
[root@mail courier-imap]# echo "/usr/lib/courier-imap/libexec/imapd-ssl.rc start" >> /etc/rc.local
[root@mail courier-imap]# echo "/usr/lib/courier-imap/libexec/pop3d-ssl.rc start" >> /etc/rc.local
[root@mail courier-imap]# netstat -tlnp |grep 99
tcp        0      0 :::993                      :::*                        LISTEN      46228/couriertcpd
tcp        0      0 :::995                      :::*                        LISTEN      46236/couriertcpd

说明：POP3-SSL使用995端口，IMAP-SSL使用993端口

4、创建证书
（1）创建IMAP证书文件：

[root@mail courier-imap]# /usr/lib/courier-imap/share/mkimapdcert
Generating a 4096 bit RSA private key
......................++
..........................++
writing new private key to '/usr/lib/courier-imap/share/imapd.pem'
-----
subject= /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated IMAP SSL key/CN=localhost/emailAddress=postmaster@example.com
notBefore=Nov 27 06:15:20 2014 GMT
notAfter=Nov 27 06:15:20 2015 GMT
SHA1 Fingerprint=B8:E2:AC:54:27:90:BA:20:33:92:89:DE:AB:EA:1B:2D:DC:11:8A:37

（2）创建POP3证书文件：

[root@mail courier-imap]# /usr/lib/courier-imap/share/mkpop3dcert
Generating a 4096 bit RSA private key
.......................................++
......................................++
writing new private key to '/usr/lib/courier-imap/share/pop3d.pem'
-----
subject= /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated POP3 SSL key/CN=localhost/emailAddress=postmaster@example.com
notBefore=Nov 27 06:22:05 2014 GMT
notAfter=Nov 27 06:22:05 2015 GMT
SHA1 Fingerprint=48:21:D9:4D:DE:A7:64:7F:CD:A0:68:79:E4:2A:2F:59:62:BE:9D:E6

（3）创建DH参数集文件：

[root@mail courier-imap]# /usr/lib/courier-imap/share/mkdhparams
512 semi-random bytes loaded
Generating DH parameters, 768 bit long safe prime, generator 2
This is going to take a long time
..............++*++*++*++*

（4）查看证书文件和DH参数集文件：

[root@mail courier-imap]# ls /usr/lib/courier-imap/share/
dhparams.pem  imapd.pem  pop3d.pem

5、加密连接
添加一个月计划任务，运行mkdhparams,以定期生成一个新的DH参数集，用于设置加密连接：

[root@mail courier-imap]# crontab -e
0 0 1 1 * /usr/lib/courier-imap/share/mkdhparams

6、设置防火墙

[root@mail ~]# iptables -I INPUT -p tcp -m multiport --dport 993,995 -j ACCEPT
[root@mail ~]# service iptables save

7、测试pop3d-ssl

在客户端PC（或者本地DNS服务器）设置本地解析：

C:\Windows\System32\drivers\etc\hosts
10.188.1.83 pop3.yourmail.com
10.188.1.83 smtp.yourmail.com
10.188.1.83 imap.yourmail.com
10.188.1.83 mail.yourmail.com

在Foxmail邮箱客户端添加test账号，选择POP3类型，勾上SSL端口995，SMTP保持默认25端口

给test自己发送一封邮件并接收，成功表示pop3d-ssl成功
查看日志：

[root@mail courier-imap]# tailf /var/log/maillog
Dec  2 09:10:02 mail postfix/smtpd[4051]: connect from unknown[10.188.1.172]
Dec  2 09:10:02 mail postfix/smtpd[4051]: 583221A1BCC: client=unknown[10.188.1.172], sasl_method=LOGIN, sasl_username=test@yourmail.com
Dec  2 09:10:02 mail postfix/cleanup[4061]: 583221A1BCC: message-id=<201412020909527054540@yourmail.com>
Dec  2 09:10:02 mail postfix/qmgr[64225]: 583221A1BCC: from=<test@yourmail.com>, size=1470, nrcpt=1 (queue active)
Dec  2 09:10:02 mail postfix/smtpd[4051]: disconnect from unknown[10.188.1.172]
Dec  2 09:10:02 mail postfix/pipe[4063]: 583221A1BCC: to=<test@yourmail.com>, relay=maildrop, delay=0.16, delays=0.11/0.02/0/0.03, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec  2 09:10:02 mail postfix/qmgr[64225]: 583221A1BCC: removed
Dec  2 09:10:04 mail pop3d-ssl: Connection, ip=[::ffff:10.188.1.172]
Dec  2 09:10:04 mail pop3d-ssl: LOGIN, user=test@yourmail.com, ip=[::ffff:10.188.1.172], port=[50258]
Dec  2 09:10:04 mail pop3d-ssl: LOGOUT, user=test@yourmail.com, ip=[::ffff:10.188.1.172], port=[50258], top=0, retr=1497, rcvd=32, sent=1769, time=0, stls=1

说明：邮件发送仍然使用SMTP的25端口，邮件接收可以看到使用的是pop3d-ssl进行的连接。
查看邮件头：

8、测试imap-ssl
在Foxmail邮箱客户端添加test账号，选择IMAP类型，勾上SSL 端口993，SMTP保持默认25端口
给test自己发送一封邮件并接收，成功表示imap-ssl成功
查看日志：

[root@mail courier-imap]# tailf /var/log/maillog
Dec  2 09:54:34 mail postfix/smtpd[4206]: connect from unknown[10.188.1.172]
Dec  2 09:54:34 mail postfix/smtpd[4206]: 8F37D1A1BAC: client=unknown[10.188.1.172], sasl_method=LOGIN, sasl_username=test@yourmail.com
Dec  2 09:54:34 mail postfix/cleanup[4216]: 8F37D1A1BAC: message-id=<201412020954270473792@yourmail.com>
Dec  2 09:54:34 mail postfix/qmgr[64225]: 8F37D1A1BAC: from=<test@yourmail.com>, size=1516, nrcpt=1 (queue active)
Dec  2 09:54:34 mail postfix/smtpd[4206]: disconnect from unknown[10.188.1.172]
Dec  2 09:54:34 mail postfix/pipe[4218]: 8F37D1A1BAC: to=<test@yourmail.com>, relay=maildrop, delay=0.18, delays=0.11/0.01/0/0.06, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec  2 09:54:34 mail postfix/qmgr[64225]: 8F37D1A1BAC: removed
Dec  2 09:55:47 mail imapd-ssl: Connection, ip=[::ffff:10.188.1.172]
Dec  2 09:55:47 mail imapd-ssl: LOGIN, user=test@yourmail.com, ip=[::ffff:10.188.1.172], port=[52061], protocol=IMAP

说明：可以看到邮件接收使用的是imapd-ssl。

问题：日志出中现错误
[root@mail ~]# tail /var/log/httpd/ssl_error.log
Prototype mismatch: sub Encode::IMAPUTF7::decode ($$;$) vs none at /var/www/extsuite/extman/libs/Encode/IMAPUTF7.pm line 76
/var/www/extsuite/extman/libs/Encode/IMAPUTF7.pm
解决：将“no warnings 'redefine';^M”那一行修改成“no warnings;”或“no warnings qw(prototype redefine);”

三、配置Postfix(SMTP)支持SSL
参考：

http://www.postfix.org/TLS_README.html
1、安装OpenSSL-Perl

[root@mail ~]# rpm -aq|grep openssl
openssl-1.0.1e-30.el6_6.4.x86_64
openssl-devel-1.0.1e-30.el6_6.4.x86_64
[root@mail ~]# yum install -y openssl-perl

会在/etc/pki/tls/misc/目录下生成CA.pl脚本，
让你可以自己开设 CA，自己签署自己的证书。

2、生成服务器根证书

[root@mail ~]# cd /etc/pki/tls/misc/
[root@mail misc]# ./CA.pl -newca
CA certificate filename (or enter to create)      #按回车开始
#在下面的设置过程中，输错了可以按ctrl+backspce进行删除
Making CA certificate ...
Generating a 2048 bit RSA private key
..............................+++
................+++
writing new private key to '/etc/pki/CA/private/cakey.pem'
Enter PEM pass phrase:123456                      #输入密码，至少4个字符
Verifying - Enter PEM pass phrase:123456          #重复输入密码
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN               #输入国家
State or Province Name (full name) []:zhejiang     #输入省份
Locality Name (eg, city) [Default City]:hangzhou   #输入城市
Organization Name (eg, company) [Default Company Ltd]:yourmail  #输入公司名
Organizational Unit Name (eg, section) []:it       #输入部门名
Common Name (eg, your name or your server s hostname) []:root   #输入你的名字或服务器名
Email Address []:                                  #输入邮箱账号（可不填）
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:                           #输入证书请求密码（可不填）
An optional company name []:                       #输入可选公司名（可不填）
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/private/cakey.pem:123456 #输入前面设的密码123456
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 14986867786496351857 (0xcffc0cd915dc1e71)
Validity
Not Before: Nov 28 02:06:59 2014 GMT
Not After : Nov 27 02:06:59 2017 GMT
Subject:
countryName               = CN
stateOrProvinceName       = zhejiang
organizationName          = yourmail
organizationalUnitName    = it
commonName                = root
X509v3 extensions:
X509v3 Subject Key Identifier:
12:6E:1A:A9:98:79:E1:A6:82:7E:A4:D8:FD:44:5D:57:FF:4B:46:69
X509v3 Authority Key Identifier:
keyid:12:6E:1A:A9:98:79:E1:A6:82:7E:A4:D8:FD:44:5D:57:FF:4B:46:69
X509v3 Basic Constraints:
CA:TRUE
Certificate is to be certified until Nov 27 02:06:59 2017 GMT (1095 days)
Write out database with 1 new entries
Data Base Updated

说明：显示上面资料表示成功，否则失败；失败时删除cakey.pem后重新执行CA.pl：

[root@mail misc]# rm -f /etc/pki/CA/private/cakey.pem
[root@mail misc]# ./CA.pl -newca

创建证书目录，将生成的根证书复制进去（也可以复制到/etc/postfix目录下）：

[root@mail misc]# mkdir /etc/pki/myca
[root@mail misc]# cp /etc/pki/CA/cacert.pem /etc/pki/myca

3、生成私钥和CSR证书签署请求文件

[root@mail misc]# cd /etc/pki/myca
[root@mail myca]# openssl req -new -nodes -keyout mailkey.pem -out mailreq.pem -days 3650
Generating a 2048 bit RSA private key
...................................+++
....................+++
writing new private key to 'mailkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:zhejiang
Locality Name (eg, city) [Default City]:hangzhou
Organization Name (eg, company) [Default Company Ltd]:yourmail
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server s hostname) []:root
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

参数说明：-new表示你想产生公私钥与CSR，-nodes表示不加密，-keyout指出私钥文件，
-out指出CSR文件的名称，-days指出证书的有效期限是10年。

查看生成的文件：

[root@mail myca]# ll
总用量 16
-rw-r--r--. 1 root root 4291 12月  2 14:08 cacert.pem  #根证书
-rw-r--r--. 1 root root 1704 12月  2 14:09 mailkey.pem #私钥
-rw-r--r--. 1 root root  997 12月  2 14:09 mailreq.pem #CSR文件

修改私钥权限保证安全（只有root用户可读）：

[root@mail myca]# chown root mailkey.pem
[root@mail myca]# chmod 400 mailkey.pem

4、签署CSR文件

[root@mail myca]# openssl ca -out mailcert.pem -infiles mailreq.pem
failed to update database
TXT_DB error number 2

产生的原因是:证书的设置相同，导致subject值相同
解决方法：将"主题唯一"设为不必须

[root@mail myca]# vi /etc/pki/CA/index.txt.attr
unique_subject = no

[root@mail myca]# openssl ca -out mailcert.pem -infiles mailreq.pem
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/private/cakey.pem:123456
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 14986867786496351859 (0xcffc0cd915dc1e73)
Validity
Not Before: Dec 2 05:27:44 2014 GMT
Not After : Dec 2 05:27:44 2015 GMT
Subject:                      #主题参数
countryName               = CN
stateOrProvinceName       = zhejiang
organizationName          = yourmail
organizationalUnitName    = it
commonName                = root
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
17:71:C5:65:AA:7D:56:BF:3A:6F:9D:84:3B:E2:12:57:58:B6:32:04
X509v3 Authority Key Identifier:
keyid:9C:7C:C0:ED:30:2A:FE:0C:E7:0D:C3:F8:9E:E0:35:41:8E:25:2C:48
Certificate is to be certified until Dev 2 05:27:44 2015 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

查看生成的文件：

[root@mail myca]# ll
总用量 24
-rw-r--r--. 1 root root 4291 12月  2 14:08 cacert.pem   #根证书
-rw-r--r--. 1 root root 4430 12月  2 14:11 mailcert.pem #公钥
-r--------. 1 root root 1704 12月  2 14:09 mailkey.pem  #私钥
-rw-r--r--. 1 root root  997 12月  2 14:09 mailreq.pem  #CSR文件

5、配置postfix

[root@mail myca]# vi /etc/postfix/main.cf
# Postfix作为SMTP服务端的TLS配置
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/pki/myca/mailkey.pem
smtpd_tls_cert_file = /etc/pki/myca/mailcert.pem
smtpd_tls_CAfile = /etc/pki/myca/cacert.pem
# smtpd_tls_security_level = encrypt
# 表示强制使用TLS加密，不建议，会导致丢失courier-authlib认证
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_enforce_tls = yes
smtpd_tls_loglevel = 2
# Postfix作为SMTP客户端的TLS配置
smtp_use_tls = yes
smtp_tls_key_file = /etc/pki/myca/mailkey.pem
smtp_tls_cert_file = /etc/pki/myca/mailcert.pem
smtp_tls_CAfile = /etc/pki/myca/cacert.pem
#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy_maps
#TLS限制策略，有需要的百度下如何设置

[root@mail myca]# vi /etc/postfix/master.cf
smtps    inet    n    -    n    -    -    smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes

[root@mail myca]# service postfix reload
[root@mail myca]# netstat -tnlp|grep 465
tcp        0      0 0.0.0.0:465                 0.0.0.0:*                   LISTEN      64222/master
tcp        0      0 :::465                      :::*                        LISTEN      64222/master

6、设置防火墙

[root@mail ~]# iptables -I INPUT -p tcp --dport 465 -j ACCEPT
[root@mail ~]# service iptables save

7、本地端口测试

[root@mail ~]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.eplantstore.com ESMTP Postfix - by eplantstore.com
ehlo localhost                #输入hello内容
250-mail.eplantstore.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS                  #表示TLS运行了
250-AUTH PLAIN LOGIN          #如果没有出现这两行
250-AUTH=PLAIN LOGIN          #修改smtpd_tls_security_level = may不强制使用TLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
starttls                      #输入TLS命令
220 2.0.0 Ready to start TLS  #出现这行表示成功

查看日志：

[root@mail myca]# tailf /var/log/maillog
Dec  2 14:42:21 mail postfix/smtpd[5315]: connect from localhost[::1]
Dec  2 14:45:50 mail postfix/smtpd[5315]: setting up TLS connection from localhost[::1]
Dec  2 14:45:50 mail postfix/smtpd[5315]: localhost[::1]: TLS cipher list "ALL:+RC4:@STRENGTH"
Dec  2 14:45:50 mail postfix/smtpd[5315]: SSL_accept:before/accept initialization

8、客户端发送邮件测试
在Foxmail邮箱客户端修改test账号，勾上SMTP的SSL：465

给test自己发送一封邮件，查看日志：

[root@mail myca]# tailf /var/log/maillog
Dec  2 14:18:45 mail postfix/smtpd[5103]: initializing the server-side TLS engine
Dec  2 14:18:45 mail postfix/smtpd[5103]: connect from unknown[10.188.1.172]
Dec  2 14:18:45 mail postfix/smtpd[5103]: setting up TLS connection from unknown[10.188.1.172]
Dec  2 14:18:45 mail postfix/smtpd[5103]: unknown[10.188.1.172]: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Dec  2 14:18:45 mail postfix/smtpd[5103]: SSL_accept:before/accept initialization
Dec  2 14:18:45 mail postfix/smtpd[5103]: SSL_accept:SSLv3 read client hello A
Dec  2 14:18:45 mail postfix/smtpd[5103]: SSL_accept:SSLv3 write server hello A
Dec  2 14:18:45 mail postfix/smtpd[5103]: SSL_accept:SSLv3 write certificate A
Dec  2 14:18:45 mail postfix/smtpd[5103]: SSL_accept:SSLv3 write key exchange A
Dec  2 14:18:45 mail postfix/smtpd[5103]: SSL_accept:SSLv3 write server done A
Dec  2 14:18:45 mail postfix/smtpd[5103]: SSL_accept:SSLv3 flush data
Dec  2 14:18:45 mail postfix/smtpd[5103]: SSL_accept:SSLv3 read client key exchange A
Dec  2 14:18:45 mail postfix/smtpd[5103]: SSL_accept:SSLv3 read finished A
Dec  2 14:18:45 mail postfix/smtpd[5103]: SSL_accept:SSLv3 write change cipher spec A
Dec  2 14:18:45 mail postfix/smtpd[5103]: SSL_accept:SSLv3 write finished A
Dec  2 14:18:45 mail postfix/smtpd[5103]: SSL_accept:SSLv3 flush data
Dec  2 14:18:45 mail postfix/smtpd[5103]: Anonymous TLS connection established from unknown[10.188.1.172]: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec  2 14:18:45 mail postfix/smtpd[5103]: 9B5791A1BCE: client=unknown[10.188.1.172], sasl_method=LOGIN, sasl_username=test@yourmail.com
Dec  2 14:18:45 mail postfix/cleanup[5113]: 9B5791A1BCE: message-id=<201412021416537923991@yourmail.com>
Dec  2 14:18:45 mail postfix/qmgr[5059]: 9B5791A1BCE: from=<test@yourmail.com>, size=1578, nrcpt=1 (queue active)
Dec  2 14:18:45 mail postfix/pipe[5115]: 9B5791A1BCE: to=<test@yourmail.com>, relay=maildrop, delay=0.18, delays=0.12/0.02/0/0.04, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec  2 14:18:45 mail postfix/qmgr[5059]: 9B5791A1BCE: removed

接收下邮件，查看邮件头信息；

结论：Postfix成功支持TLS发送邮件。
本文出自 “月晴星飞” 博客，请务必保留此出处http://ywzhou.blog.51cto.com/2785388/1590905

内容来自用户分享和网络整理，不保证内容的准确性，如有侵权内容，可联系管理员处理

标签：

相关文章推荐

新的分享

章节导航