CentOS 7: Postfix, Dovecot and Openwebmail for encrypted IMAP and SMTP


CentOS 7 (mail server): 172.20.0.104

Windows 10 (client): 172.20.0.102

Set up the DNS server first

Main configuration file: /var/named/chroot/etc/named.conf

zone "vclass.local" {
        type master;
        file "vclass.local.zone";
};

zone "0.20.172.IN-ADDR.ARPA" {
        type master;
        file "172.20.0.zone";
};

Forward zone: /var/named/chroot/var/named/vclass.local.zone

$TTL 86400
@ IN  SOA station.vclass.local. root.station.vclass.local. (
                2017101101      ;serial number
                1H              ;refresh slave
                5M              ;retry refresh
                1W              ;expire zone
                5M              ;cache time-to-live for negative answers
)

@                               IN  NS          station.vclass.local.

vclass.local.                   IN  MX   10 station.vclass.local.

@                                       IN  A           172.20.0.104
station.vclass.local.                   IN  A           172.20.0.104
www.vclass.local.                       IN  A           172.20.0.104
mail                                    IN  A           172.20.0.104

Note that the MX record names station.vclass.local while the certificates generated later carry CN=mail.vclass.local; mail clients must therefore be pointed at mail.vclass.local (not station.vclass.local or the IP address), or certificate name verification fails.

Reverse zone: /var/named/chroot/var/named/172.20.0.zone

$TTL 86400
@ IN SOA station.vclass.local. root.station.vclass.local. (
                2017101101      ;serial number
                1H              ;refresh slave
                5M              ;retry refresh
                1W              ;expire zone
                5M              ;cache time-to-live for negative answers
)

@                               IN  NS          station.vclass.local.

104.0.20.172.IN-ADDR.ARPA.      IN  PTR         station.vclass.local.

Confirm that name resolution works (forward and reverse lookups from the server)

Resolution from Windows 10 also works

Install the packages: dovecot and postfix

yum install dovecot postfix

Edit the configuration files

/etc/dovecot/conf.d/10-mail.conf

mail_location = mbox:~/mail:INBOX=/var/mail/%u

/etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no [allow plaintext authentication]

Be aware of what "no" means here: it permits cleartext logins on the unencrypted 143 and 110 listeners that Dovecot still runs. The default, "yes", refuses plaintext mechanisms unless the connection is TLS-protected (or local), which is exactly what an encrypted-IMAP setup wants; the tests later in this post use imaps, so they work with the default as well.

/etc/dovecot/dovecot.conf

protocols = pop3 imap [enable POP3 and IMAP]

/etc/dovecot/conf.d/10-master.conf (the unix_listener /var/spool/postfix/private/auth entry is the socket that Postfix's smtpd_sasl_path = private/auth, relative to its queue directory, connects to; the owner and 0660 mode let only the postfix user reach it)

service imap-login {
  inet_listener imap {
  }
  inet_listener imaps {
  }
}
service pop3-login {
  inet_listener pop3 {
  }
  inet_listener pop3s {
  }
}
service lmtp {
  unix_listener lmtp {
  }
}
service imap {
}
service pop3 {
}
service auth {
  unix_listener auth-userdb {
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
service auth-worker {
}
service dict {
  unix_listener dict {
  }
}

Regenerate the Dovecot certificate

First prepare the configuration file used to generate the certificate

/etc/pki/dovecot/dovecot-openssl.cnf

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=TW
ST=TAIWAN
L=Taipei
#O=Dovecot
OU=IMAP server
CN=mail.vclass.local
emailAddress=alice@vclass.local

[ cert_type ]
nsCertType = server

Three things to know about this file. default_bits = 1024 is below the 2048-bit minimum that current clients and CA baseline requirements expect, so raise it. encrypt_key = yes is overridden by the -nodes switch in the openssl command that follows, which is what you want: Dovecot must be able to read the key at startup without a passphrase. Finally, the CN is the name clients will connect to (mail.vclass.local), but modern clients match the host name against a subjectAltName extension, which this configuration does not add, and nsCertType is a legacy Netscape extension they ignore.

Generate the Dovecot certificate

openssl req -new -x509 -nodes -config /etc/pki/dovecot/dovecot-openssl.cnf -out /etc/pki/dovecot/certs/dovecot.pem -keyout /etc/pki/dovecot/private/dovecot.pem -days 3650

chown root:root /etc/pki/dovecot/certs/dovecot.pem /etc/pki/dovecot/private/dovecot.pem

chmod 0600 /etc/pki/dovecot/certs/dovecot.pem /etc/pki/dovecot/private/dovecot.pem

openssl x509 -subject -fingerprint -noout -in /etc/pki/dovecot/certs/dovecot.pem

These paths are the ones the stock /etc/dovecot/conf.d/10-ssl.conf on CentOS 7 already points at (ssl_cert and ssl_key), which is why no SSL setting is edited in this post; if you store the files elsewhere, update that file. Keep the fingerprint printed by the last command: it is what you compare against when a client warns about the self-signed certificate.

Start Dovecot

systemctl start dovecot

systemctl enable dovecot

Next, Postfix

/etc/postfix/main.cf (set with postconf -e)

postconf -e "inet_interfaces = all"
postconf -e "myorigin = vclass.local"
postconf -e 'mydestination = $myhostname, localhost.$mydomain, localhost, vclass.local, mail.vclass.local'
postconf -e "mynetworks = 172.20.0.0/24"
postconf -e "smtpd_sasl_auth_enable = yes"
# No anonymous sending, for security. This is already Postfix's default
# value, so the line can stay commented out; it is shown for clarity.
# postconf -e "smtpd_sasl_security_options = noanonymous"
postconf -e "smtpd_sasl_type = dovecot"
postconf -e "smtpd_sasl_path = private/auth"
postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"
postconf -e "smtpd_tls_security_level = may"

postconf -e "smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem"
postconf -e "smtpd_tls_key_file = /etc/pki/tls/private/postfix.pem"

The mydestination line must be single-quoted: inside double quotes the shell expands $myhostname and $mydomain to empty strings before postconf ever sees them, and the value written would be ", localhost., localhost, ...". Two settings deserve a second look. mynetworks = 172.20.0.0/24 together with permit_mynetworks lets any host on that LAN relay without authenticating. smtpd_tls_security_level = may makes STARTTLS optional, and since nothing ties AUTH to TLS, a client can still send its password in the clear (the telnet test further down does exactly that); smtpd_tls_auth_only = yes makes Postfix withhold AUTH until the session is encrypted.

/etc/postfix/master.cf (uncomment the submission service so clients can use port 587)

submission inet n       -       n       -       -       smtpd

Uncommented like this, with none of its -o overrides, the submission port behaves exactly like port 25: TLS stays optional and unauthenticated LAN hosts may relay. The commented -o lines that follow it in the stock master.cf (smtpd_tls_security_level=encrypt, smtpd_sasl_auth_enable=yes and a client restriction of permit_sasl_authenticated,reject) are what make 587 a real submission port.
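The bare submission entry above next to a hardened one, as an added example that is not code from the original post. It assumes the stock CentOS 7 master.cf layout and takes the file path as an argument so the change can be tried on a copy before touching /etc/postfix/master.cf:

```shell
#!/bin/sh
# Added example (not from the original post): the bare submission entry
# next to a hardened one, and a check that can be run against any
# master.cf. The file path is an argument so it can be tried on a copy
# first; the post edits /etc/postfix/master.cf in place.

# Hardened entry. The -o lines are the ones shipped commented out in the
# stock Postfix master.cf: TLS must be negotiated before anything else,
# AUTH is offered (only after STARTTLS, because of encrypt), and only
# authenticated clients may talk to this port at all.
hardened_submission() {
    cat <<'EOF'
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
}

# Replace the submission service, and any -o overrides already under it,
# in the given master.cf with the hardened entry. Other services untouched.
harden_master_cf() {
    f=$1
    repl=$(mktemp); tmp=$(mktemp)
    hardened_submission > "$repl"
    awk -v repl="$repl" '
        /^submission[ \t]+inet/ {
            while ((getline line < repl) > 0) print line
            close(repl); skip = 1; next
        }
        skip && /^[ \t]+-o/ { next }      # old overrides of the submission service
        { skip = 0; print }
    ' "$f" > "$tmp" && mv "$tmp" "$f"
    rm -f "$repl"
}

# Audit: succeeds only if the submission service forces TLS.
submission_requires_tls() {
    awk '
        /^submission[ \t]+inet/ { in_sub = 1; next }
        in_sub && /^[ \t]+-o[ \t]*smtpd_tls_security_level=encrypt/ { found = 1 }
        in_sub && /^[^ \t#]/ { in_sub = 0 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}
```

Run harden_master_cf on a copy of master.cf, diff it against the original, then apply it to /etc/postfix/master.cf and reload Postfix. submission_requires_tls is the one-line audit to keep around. For port 25, where the post keeps smtpd_tls_security_level = may, the equivalent protection is smtpd_tls_auth_only = yes in main.cf.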

Regenerate the Postfix certificate

First prepare the configuration file used to generate the certificate

/etc/pki/tls/postfix-openssl.cnf

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=TW
ST=Taiwan
L=Taipei
#O=Dovecot
OU=SMTP server
CN=mail.vclass.local
emailAddress=alice@vclass.local

[ cert_type ]
nsCertType = server

As with the Dovecot file: 1024-bit RSA is below the current 2048-bit minimum, encrypt_key = yes is overridden by -nodes in the command below (correctly, since Postfix reads the key unattended), and there is no subjectAltName, which modern clients require for host-name matching.

Generate the Postfix certificate

openssl req -new -x509 -nodes -config /etc/pki/tls/postfix-openssl.cnf -out /etc/pki/tls/certs/postfix.pem -keyout /etc/pki/tls/private/postfix.pem -days 3650

chown root:root /etc/pki/tls/certs/postfix.pem /etc/pki/tls/private/postfix.pem

chmod 0600 /etc/pki/tls/certs/postfix.pem /etc/pki/tls/private/postfix.pem

openssl x509 -subject -fingerprint -noout -in /etc/pki/tls/certs/postfix.pem
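The certificate procedure used for Dovecot above and for Postfix here, as an added example rather than code from the original post: a 2048-bit key, a subjectAltName, and the checks worth running before copying the files into place. The output directory and host name are arguments (an assumption; the post writes straight into /etc/pki/dovecot and /etc/pki/tls), and the distinguished-name fields follow the post's:

```shell
#!/bin/sh
# Added example (not from the original post): the certificate procedure
# from the Dovecot and Postfix sections, with 2048-bit keys and a
# subjectAltName, plus the checks worth running afterwards.
# Output directory and hostname are arguments (assumption: the post writes
# straight into /etc/pki/dovecot and /etc/pki/tls).
#
# Usage: gen_mail_cert /tmp/certs mail.vclass.local

gen_mail_cert() {
    outdir=$1; host=$2
    mkdir -p "$outdir"
    # Same layout as the post's dovecot-openssl.cnf / postfix-openssl.cnf.
    # Differences: 2048-bit RSA (1024 is rejected by current clients),
    # encrypt_key = no instead of relying on -nodes, and X.509v3
    # extensions instead of the legacy nsCertType: clients match the
    # host name against subjectAltName, not the CN.
    cat > "$outdir/openssl.cnf" <<EOF
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C = TW
ST = Taiwan
L = Taipei
OU = Mail server
CN = $host

[ cert_type ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # 825 days rather than the post's 3650: Apple clients reject TLS
    # server certificates valid for longer than that. umask 077 makes the
    # key 0600 from the start instead of fixing it up afterwards.
    ( umask 077; openssl req -new -x509 -config "$outdir/openssl.cnf" \
        -keyout "$outdir/$host.key" -out "$outdir/$host.pem" -days 825 2>/dev/null )
}

# RSA key size recorded in the certificate (prints "2048").
cert_key_bits() {
    openssl x509 -noout -text -in "$1" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# subjectAltName entry (prints "DNS:mail.vclass.local").
cert_san() {
    openssl x509 -noout -text -in "$1" | grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# The classic deployment mistake: a certificate paired with the wrong key
# (easy here, since the post gives cert and key the same file name).
# Succeeds only if the public keys match.
cert_matches_key() {
    [ "$(openssl x509 -noout -pubkey -in "$1")" = "$(openssl pkey -pubout -in "$2")" ]
}
```

Generate into a scratch directory, run the three checks, then copy the .pem to certs/ and the .key to private/ for each service (the post uses dovecot.pem and postfix.pem as file names). The same fingerprint check as in the post, openssl x509 -fingerprint, still applies to the result.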

Restart the services

systemctl restart postfix

systemctl enable postfix

systemctl start saslauthd

systemctl enable saslauthd

saslauthd is the Cyrus SASL daemon. With smtpd_sasl_type = dovecot, Postfix hands authentication to Dovecot's socket and never talks to saslauthd, so these last two commands do nothing for this setup (and simply fail if cyrus-sasl is not installed).

Open the firewall

firewall-cmd --permanent --add-service=smtp

firewall-cmd --permanent --add-port=587/tcp

firewall-cmd --permanent --add-port=993/tcp

firewall-cmd --permanent --add-port=995/tcp

firewall-cmd --reload

Only the TLS ports for IMAP and POP3 (993, 995) are opened; the cleartext 143 and 110 listeners that Dovecot still runs remain reachable from the host itself only.

Create test users

useradd alice

echo password | passwd alice --stdin

usermod -aG mail alice

useradd bob

echo password | passwd bob --stdin

usermod -aG mail bob &>/dev/null

These are throwaway lab accounts with a trivial password; piping a real password through echo like this would leave it in the shell history.

Finally, if the certificate needs to be distributed over the web (so clients can import and trust the self-signed certificate)...

yum -y install httpd

cp /etc/pki/dovecot/certs/dovecot.pem /var/www/html/

chmod 444 /var/www/html/dovecot.pem

systemctl start httpd

systemctl enable httpd

firewall-cmd --permanent --add-service=http

firewall-cmd --reload

Only the certificate from certs/ is published. The private key in /etc/pki/dovecot/private/dovecot.pem has the same file name, so check the source path before copying. The file is served over plain HTTP, so whoever downloads it should compare its fingerprint with the one printed by openssl x509 -fingerprint on the server before trusting it.

First verify on the mail server itself, from the command line

Switch to alice and log in over imaps with mutt

mutt -f imaps://mail.vclass.local

Confirm that the login account is alice

Enter the password [password]

Login succeeds

Verify Postfix

telnet 172.20.0.104 25

Say hello

ehlo mail.vclass.local

In another window, generate the base64-encoded credentials

perl -MMIME::Base64 -e 'print encode_base64("\000alice\000password");'

Verify SMTP AUTH

AUTH PLAIN AGFsaWNlAHBhc3N3b3Jk

This telnet session is unencrypted. base64 is an encoding, not encryption: the token above decodes straight back to alice/password for anyone capturing the traffic. It is fine as a lab check that Postfix is wired to Dovecot's SASL socket, but real clients must authenticate only after STARTTLS, which is what the next test exercises (and what smtpd_tls_auth_only = yes in main.cf would enforce).

Verify encrypted SMTP

openssl s_client -starttls smtp -crlf -connect mail.vclass.local:25
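The AUTH PLAIN token and the STARTTLS-protected session described above, as an added example that is not code from the original post. Names are the post's (alice, password, vclass.local, mail.vclass.local); "client.vclass.local" as the EHLO name is an assumption:

```shell
#!/bin/sh
# Added example (not from the original post): build the SASL PLAIN token
# the post sends as "AUTH PLAIN ...", decode one to show it is not a
# secret, and emit the client side of an authenticated, STARTTLS-only
# session for openssl s_client. Names are the post's (alice, password,
# vclass.local, mail.vclass.local); "client.vclass.local" as the EHLO
# name is an assumption.

# RFC 4616 PLAIN: authzid NUL authcid NUL password, base64-encoded.
# authzid is left empty, exactly as in the post's perl one-liner.
smtp_auth_plain() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# Reverse it. base64 is encoding, not encryption: anyone sniffing a
# port-25 AUTH PLAIN sent without STARTTLS gets the password like this.
smtp_auth_plain_decode() {
    { printf '%s' "$1" | base64 -d; printf '\n'; } | tr '\000' '\n' | {
        IFS= read -r authzid
        IFS= read -r authcid
        IFS= read -r passwd
        printf "authzid='%s' authcid='%s' passwd='%s'\n" "$authzid" "$authcid" "$passwd"
    }
}

# Client side of an authenticated submission. Plain LF line endings:
# s_client -crlf converts them, and it completes STARTTLS itself before
# any of this is sent, so the token only ever crosses the wire encrypted.
smtp_auth_session() {
    user=$1; pass=$2; domain=$3; rcpt=$4
    printf 'EHLO client.%s\n' "$domain"
    printf 'AUTH PLAIN %s\n' "$(smtp_auth_plain "$user" "$pass")"
    printf 'MAIL FROM:<%s@%s>\n' "$user" "$domain"
    printf 'RCPT TO:<%s@%s>\n' "$rcpt" "$domain"
    printf 'DATA\nSubject: STARTTLS auth test\n\nhello\n.\nQUIT\n'
}

# Stand-alone demo: the post's token, and what it decodes to.
smtp_auth_plain alice password; echo
smtp_auth_plain_decode "$(smtp_auth_plain alice password)"
```

To run the session against the server: smtp_auth_session alice password vclass.local bob | openssl s_client -quiet -starttls smtp -crlf -connect mail.vclass.local:587. The commands are sent back to back; if Postfix is configured with reject_unauth_pipelining it will object, in which case start s_client interactively and paste the lines one at a time.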

The Windows 10 built-in Mail app

Outlook settings

(Account settings for both clients are shown in screenshots that are not reproduced here.)

Finally, install Openwebmail

Reference: https://openwebmail.org/openwebmail/download/centos/el7/00.README.txt

Download the repo file

cd /etc/yum.repos.d/

wget ftp://openwebmail.org/pub/openwebmail/el7/openwebmail-el7.repo

File /etc/yum.repos.d/openwebmail-el7.repo

[openwebmail-el7]
name=Open WebMail for EL7
baseurl=ftp://openwebmail.org/pub/openwebmail/el7
enabled=1
gpgcheck=1
gpgkey=ftp://openwebmail.org/pub/openwebmail/RPM-GPG-KEY-openwebmail

Both the packages and the GPG key arrive over plain FTP, so gpgcheck=1 only proves that a package was signed by whatever key came down that same unauthenticated channel. Verify the key's fingerprint out of band before trusting it.

Install directly with yum

yum install openwebmail

Initialise

openwebmail-tool --init

Fix file permissions

openwebmail-tool --fix

Install mod_ssl so the webmail runs over HTTPS

yum install mod_ssl

systemctl restart httpd

firewall-cmd --permanent --add-service=https

firewall-cmd --reload

Force the encrypted connection: a redirecting front page at /var/www/html/index.html

<html>
<head>
<meta http-equiv="refresh" content="0; url=https://mail.vclass.local/cgi-bin/openwebmail/openwebmail.pl">
</head>
</html>

Keep in mind what this does and does not do. Only a request for / is redirected, and the redirect happens in the browser, so a user who opens http://mail.vclass.local/cgi-bin/openwebmail/openwebmail.pl directly still logs in over plain HTTP; Apache's Redirect directive (or not serving the application on port 80 at all) enforces it server-side. Also, mod_ssl installs with its own self-signed localhost certificate; point SSLCertificateFile and SSLCertificateKeyFile in /etc/httpd/conf.d/ssl.conf at the mail.vclass.local certificate so browsers and mail clients see the same name.

In the browser only the short address needs to be entered

It redirects automatically to the encrypted Openwebmail connection

Done!

Posted in CentOS 6, CentOS 7, Networking, Linux, RHEL 7, Windows 10.
