当前位置: 首页 > 图文教程 > 服务器 > Mail服务器 > 构建反病毒反垃圾邮件系统(四)
4、TLS支持
通过修改/usr/lib/ssl/misc/CA.pll脚本实现,以下修改后CA1.pl和未修改CA.pl之间的对比:
| 以下为引用的内容: ***CA.pl ---CA1.pl *************** ***59,69**** }elsif(/^-newcert$/){ #createacertificate !system("$REQ-new-x509-keyoutnewreq.pem-outnewreq.pem$DAYS"); $RET=$?; print"Certificate(andprivatekey)isinnewreq.pem\n" }elsif(/^-newreq$/){ #createacertificaterequest !system("$REQ-new-keyoutnewreq.pem-outnewreq.pem$DAYS"); $RET=$?; print"Request(andprivatekey)isinnewreq.pem\n"; }elsif(/^-newca$/){ ---59,69---- }elsif(/^-newcert$/){ #createacertificate !system("$REQ-new-x509-nodes-keyoutnewreq.pem-outnewreq.pem$DAYS"); $RET=$?; print"Certificate(andprivatekey)isinnewreq.pem\n" }elsif(/^-newreq$/){ #createacertificaterequest !system("$REQ-new-nodes-keyoutnewreq.pem-outnewreq.pem$DAYS"); $RET=$?; print"Request(andprivatekey)isinnewreq.pem\n"; }elsif(/^-newca$/){ |
| 以下为引用的内容: #cd/usr/local/ssl/misc #./CA1.pl-newca #./CA1.pl-newreq #./CA1.pl-sign #cpdemoCA/cacert.pem/etc/postfix/CAcert.pem #cpnewcert.pem/etc/postfix/cert.pem #cpnewreq.pem/etc/postfix/key.pem |
修改main.cf,添加:
| 以下为引用的内容: smtpd_tls_cert_file=/etc/postfix/cert.pem smtpd_tls_key_file=/etc/postfix/privkey.pem smtpd_use_tls=yes tls_random_source=dev:/dev/urandom tls_daemon_random_source=dev:/dev/urandom |
| 以下为引用的内容: #opensslreq-new-x509-days365-nodes-config/etc/ssl/openssl.cnf-outstunnel.pem-keyoutstunnel.pem #opensslgendh512>>stunnel.pem |
| 以下为引用的内容: #stunnel-d60025-r25-snobody-gnogroup #stunnel-d60110-r110-snobody-gnogroup |
建一个stunnel.conf文件:
| 以下为引用的内容: client=yes [pop3] accept=127.0.0.1:110 connect=192.168.7.144:60110 [smtp] accept=127.0.0.1:25 connect=192.168.7.144:60025 |
| 以下为引用的内容: #mkdir-p/home/vmail/test.org/san/ #chown-Rnobody.nogroup/home/vmail #chmod-R700/home/vmail mysql>usepostfix mysql>insertintotransportsetdomain='test.org',destination=' virtual:'; mysql>insertintouserssetemail='[email protected]',clear='test',name='',uid='65534',gid='6553-4', homedir='home/vmail',maildir='test.org/san/'; |
评论 (0) All