Настройка почтового клиента, который будет работать с сервером Postfix по протоколам POP и IMAP (Plaintext Authentication)
Подготовка SSL сертификатов
# vi /etc/dovecot/dovecot.conf
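# Dovecot excerpt: serve POP3 and IMAP and require TLS before any login.
# Protocols we want to be serving.
protocols = pop3 imap

# "inet_listener pop3" / "inet_listener imap" are the cleartext + STARTTLS
# listeners (110/143). The implicit-TLS ports 995/993 belong to the separate
# "pop3s" / "imaps" listeners, so the port lines below stay commented out:
# enabling them would move the STARTTLS listener, not add TLS to it.
# If clients only ever use 993/995, the cleartext listeners can be switched
# off with "port = 0".
service pop3-login {
  inet_listener pop3 {
    #port = 995
  }
}
service imap-login {
  inet_listener imap {
    # port = 993
  }
}

# Refuse plaintext authentication on connections not protected by TLS.
# (dovecot.conf comments start with "#"; a "//" line is a syntax error.)
# The server can only reject such a login: a client that sends its password
# before STARTTLS on 110/143 has already exposed it on the wire.
disable_plaintext_auth = yes

# ssl = yes
# "required" refuses authentication until TLS is active on the connection.
ssl = required

# The leading "<" makes Dovecot read the file contents. The private key should
# be readable by root only.
# NOTE(review): the s_client transcript on this page shows a self-signed
# certificate for CN=imap.example.com with a 1024-bit key. Confirm these files
# hold a certificate issued for the host name that clients connect to.
ssl_cert = </etc/pki/tls/certs/sysadm.ru.crt
ssl_key = </etc/pki/tls/private/sysadm.ru.key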
# service dovecot restart
# ss -tpl | grep -E 'imaps|pop3s'
LISTEN 0 100 *:imaps *:* users:(("dovecot",22497,21))
LISTEN 0 100 *:pop3s *:* users:(("dovecot",22497,18))
### POSTFIX
# vi /etc/postfix/main.cf
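# Postfix main.cf excerpt: TLS settings for the SMTP server (smtpd).

# Opportunistic TLS on the regular SMTP port. Replaces the legacy
# "smtpd_use_tls = yes" spelling (Postfix 2.3 and later) with the same effect.
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/tls/private/sysadm.ru.key
smtpd_tls_cert_file = /etc/pki/tls/certs/sysadm.ru.crt

# Level 1 logs a summary line per TLS session. Levels 2 and above are meant for
# troubleshooting only: level 3 writes hex/ASCII dumps of the TLS negotiation
# to the mail log, so raise it temporarily and lower it again afterwards.
smtpd_tls_loglevel = 1

# Record protocol and cipher information in the Received: header.
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# Optional hardening (check against the rest of main.cf, which is not shown
# here): never offer SASL AUTH on a connection that has not negotiated TLS.
#smtpd_tls_auth_only = yes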
# vi +/smtps /etc/postfix/master.cf
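# Implicit-TLS SMTP service (port 465): TLS is negotiated before any SMTP
# command, and SASL authentication is enabled for this listener.
# The "-o" lines continue the service entry and must start with whitespace;
# at column 0 master(8) would read each one as a new service definition.
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
# Optional, as in the stock master.cf: accept mail on this port only from
# authenticated clients.
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject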
# service postfix restart
# ss -tnpl | grep 465
LISTEN 0 100 :::465 :::* users:(("master",22800,18))
LISTEN 0 100 *:465 *:* users:(("master",22800,17))
# netstat --inet -lpn | grep -E 'master|dovecot'
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 22643/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 22643/dovecot
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 22800/master
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 22800/master
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 22643/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 22643/dovecot
# openssl s_client -connect sysadm.ru:993
CONNECTED(00000003)
depth=0 OU = IMAP server, CN = imap.example.com, emailAddress = [email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 OU = IMAP server, CN = imap.example.com, emailAddress = [email protected]
verify return:1
---
Certificate chain
0 s:/OU=IMAP server/CN=imap.example.com/emailAddress=[email protected]
i:/OU=IMAP server/CN=imap.example.com/emailAddress=[email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICQzCCAaygAwIBAgIJAPVqqiSPuIClMA0GCSqGSIb3DQEBBQUAMFgxFDASBgNV
BAsTC0lNQVAgc2VydmVyMRkwFwYDVQQDExBpbWFwLmV4YW1wbGUuY29tMSUwIwYJ
KoZIhvcNAQkBFhZwb3N0bWFzdGVyQGV4YW1wbGUuY29tMB4XDTEzMTIyMzE5NDEx
MloXDTE0MTIyMzE5NDExMlowWDEUMBIGA1UECxMLSU1BUCBzZXJ2ZXIxGTAXBgNV
BAMTEGltYXAuZXhhbXBsZS5jb20xJTAjBgkqhkiG9w0BCQEWFnBvc3RtYXN0ZXJA
ZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANSH89JXO7Kt
/+C18qSBV/qXzfw0OqbR4oQpOWuEE9Fs+O9rwvY90u4nCC48IVVjDr5+zc6OvqL9
cBqMZ2wU3uyagdtlf3IAB5Td04euDXfbKuAiI2A3SwpIad31e5JVwFl8Iiqnjv6U
noctcmQ8Ha4iyfaWNpESY+fK7XxbUUPvAgMBAAGjFTATMBEGCWCGSAGG+EIBAQQE
AwIGQDANBgkqhkiG9w0BAQUFAAOBgQBILeEI527CUXUNfDNKua35akrJ9u9iKLq5
518vpdofBgUYJ7quGoRRkMCnBBuvEINFPYs1tTqpV/gg0l4HUtvv2c8WAhV3cz+2
Z/fKXlBU5iaJ8iwqF1fcEno8+sMC+FMDpQyxxElILphHAIKkk3CSorj1rxygGf6J
Bj2PxyNCuA==
-----END CERTIFICATE-----
subject=/OU=IMAP server/CN=imap.example.com/emailAddress=[email protected]
issuer=/OU=IMAP server/CN=imap.example.com/emailAddress=[email protected]
---
No client certificate CA names sent
---
SSL handshake has read 1300 bytes and written 453 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: C7C6B54D1E737BF926B20D5632DDE0FEAF95F5F00C1DF420F6661EA8524BF17D
Session-ID-ctx:
Master-Key: F7AF586BCD612BAE4044E5222201A806D0176CC791A7EC1884BADD05435C3EFA5B242A3952BE29A04CD669CC11C579D0
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 6a eb 6e 51 89 96 26 ee-8c fb ed 77 66 99 48 80 j.nQ..&....wf.H.
0010 - 6d 73 f9 50 49 ab d0 6f-e0 ed a5 87 09 ba 2a 9c ms.PI..o......*.
0020 - 76 ea 52 b6 b8 5d a4 0a-dc fa 70 54 b4 35 d7 1b v.R..]....pT.5..
0030 - cb a8 9c 27 ac 99 2d 41-a8 c9 44 5b 8c 5b c0 a2 ...'..-A..D[.[..
0040 - f1 43 e5 b4 11 49 e8 64-d9 59 43 be 5b 00 2e e2 .C...I.d.YC.[...
0050 - 22 08 2c 44 e4 0a 8b 99-19 c5 bf db 8a ef e5 90 ".,D............
0060 - f0 57 51 be c9 e5 45 04-cc 6a 60 80 9c 58 3b a4 .WQ...E..j`..X;.
0070 - 52 2e 42 da 7a 45 02 aa-f7 ae 92 93 7c 64 ae 00 R.B.zE......|d..
0080 - 30 d4 97 8c a6 ef 55 6f-2f 6f d5 ab e5 4c a1 a0 0.....Uo/o...L..
0090 - 46 25 b3 5b 20 72 db a6-a9 56 51 5c c6 7d ef a9 F%.[ r...VQ\.}..
Start Time: 1387885046
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] POP3/IMAP server ready.
a login bill.gates 1234
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
b select inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 3 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1387822975] UIDs valid
* OK [UIDNEXT 4] Predicted next UID
* OK [HIGHESTMODSEQ 6] Highest
b OK [READ-WRITE] Select completed.
=======================================================
=======================================================
Что можно почитать
=======================================================
=======================================================
http://www.rosehosting.com/blog/set-up-ssl-encrypted-connection-in-postfix-dovecot-and-apache/
http://habrahabr.ru/post/106314/