
[postfix-jp: 4349] SMTP oer SSL/TLS doesn't work.



Watanabe here.

When connecting from localhost, plain SMTP works, but SMTP over SSL/TLS does not.

I cannot tell what is wrong; I suspect a configuration mistake somewhere.
If anyone notices anything, could you please advise?

Thank you in advance.

OS
---------------------------------------------------------------------------
CentOS Linux release 7.2.1511 (Core)

Postfix
---------------------------------------------------------------------------
Version     : 2.10.1
Release     : 6.el7

Dovecot
---------------------------------------------------------------------------
Version     : 2.2.10
Release     : 5.el7

Openssl
---------------------------------------------------------------------------
Version     : 1.0.1e
Release     : 51.el7_2.4


postconf -n
---------------------------------------------------------------------------
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mua_client_restrictions = permit_sasl_authenticated,reject
mua_helo_restrictions = permit_sasl_authenticated,reject
mua_sender_restrictions = permit_sasl_authenticated,reject
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = yotuba-hd.jp
myhostname = mail.yotuba-hd.jp
mynetworks = 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = $mydestination
relayhost =
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname Mail System
smtpd_client_restrictions = permit_mynetworks,reject_unknown_client_hostname,permit
smtpd_etrn_restrictions = permit_mynetworks,reject
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_local_recipient_reject_code = 550


master.cf
---------------------------------------------------------------------------
smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       n       -       1 postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
   -o syslog_name=postfix/submission
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_reject_unlisted_recipient=no
   -o smtpd_client_restrictions=$mua_client_restrictions
   -o smtpd_helo_restrictions=$mua_helo_restrictions
   -o smtpd_sender_restrictions=$mua_sender_restrictions
   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
   -o syslog_name=postfix/smtps
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_reject_unlisted_recipient=no
   -o smtpd_client_restrictions=$mua_client_restrictions
   -o smtpd_helo_restrictions=$mua_helo_restrictions
   -o smtpd_sender_restrictions=$mua_sender_restrictions
   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING



Checking POP3 over SSL/TLS on port 995 with the openssl command gives the following:

openssl s_client -connect localhost:995
---------------------------------------------------------------------------
CONNECTED(00000003)
depth=0 C = JP, (rest omitted)
verify error:num=18:self signed certificate
verify return:1
depth=0 C = JP, (rest omitted)
verify return:1
---
Certificate chain
  0 s:/C=JP/(rest omitted)
    i:/C=JP/(rest omitted)
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICyTCCAjKgAwIBAgIJAMWIIUhI1TJcMA0GCSqGSIb3DQEBBQUAMIGaMQswCQYD
(omitted)
UKoaxaP7E0i3h27dDqzF3nFUKAxZne3bEbDSijkOLyNiWlhjw+iQYmvVJgwQ
-----END CERTIFICATE-----
subject=/C=JP/(rest omitted)
issuer=/C=JP/(rest omitted)
---
No client certificate CA names sent
Server Temp Key: ECDH, secp384r1, 384 bits
---
SSL handshake has read 1280 bytes and written 405 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
     Protocol  : TLSv1.2
     Cipher    : ECDHE-RSA-AES256-GCM-SHA384
     Session-ID: 3789EA55C54C91AD4CFCFB08F935E9E1F4DEEB6D4CBDC1AD6A3B3679AE020C5A
     Session-ID-ctx:
     Master-Key: E583E7932E7F6974402D67DD336467E863A2A7A4146E38C763C6DA9971737D6585871604459186FF1D8B31B141532D08
     Key-Arg   : None
     Krb5 Principal: None
     PSK identity: None
     PSK identity hint: None
     TLS session ticket lifetime hint: 300 (seconds)
     TLS session ticket:
     0000 - 53 8c 09 60 ce 13 11 73-0d 9b 9d 2d 15 67 e8 06 S..`...s...-.g..
     (omitted)

     Start Time: 1459117361
     Timeout   : 300 (sec)
     Verify return code: 18 (self signed certificate)
---
+OK Dovecot ready.


So, as shown above, that side works.


However, I cannot connect with smtp over ssl/tls.
To look into the cause of the connection failure, I checked with the openssl command:
openssl s_client -connect localhost:465
---------------------------------------------------------------------------
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 247 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE


Running systemctl status postfix shows the following warnings, which appear to say it is a permission problem:
---------------------------------------------------------------------------
warning: cannot get RSA certificate from file /etc/pki/dovecot/certs/dovecot.pem: disabling TLS support
warning: TLS library problem: 30954:error:0200100D:system library:fopen:Permission denied:bss_file.c:398:fopen('/etc/pki/dovecot/certs/dovecot.pem','r'):
warning: TLS library problem: 30954:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
warning: TLS library problem: 30954:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:722:
connect from localhost[127.0.0.1]
warning: Wrapper-mode request dropped from localhost[127.0.0.1] for service smtps. TLS context initialization failed. For details see earlier warnings in your logs.
disconnect from localhost[127.0.0.1]


I have set them to 777 for now (is 777 bad from a security standpoint?):
ls -la /etc/pki/dovecot/certs/dovecot.pem
---------------------------------------------------------------------------
-rwxrwxrwx. 1 root root 1025 Mar 28 07:12 /etc/pki/dovecot/certs/dovecot.pem

This one as well:
ls -la /etc/pki/dovecot/private/dovecot.pem
---------------------------------------------------------------------------
-rwxrwxrwx. 1 root root 916 Mar 28 07:12 /etc/pki/dovecot/private/dovecot.pem


I am at a loss as to what to do next.
If possible, could someone show me how to fix this?

I hope the above information is enough to see the problem.

Thank you in advance.








-- 
Tel:03-5705-2595
Fax:03-6423-9505
ãmobile-phone:080-3430-2595 070-5582-6540
   Email:watanove@xxxxxxxxxxx

_______________________________________________
Postfix-jp-list mailing list
Postfix-jp-list@xxxxxxxxxxxxx
http://lists.osdn.me/mailman/listinfo/postfix-jp-list
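The two things the post checks by hand, the `openssl s_client` probe of ports 995 and 465 and the permission bits on the PEM files, as an added bash example. This is not code from the message above, nor from Postfix or Dovecot. It assumes a Linux host with bash, openssl(1) and GNU stat(1); the file paths in the comments are the ones from the `postconf -n` output above, while the function names and the host/port values in the usage note are made up here.

```bash
#!/usr/bin/env bash
# Added diagnostic helpers (example code, not from the post or from Postfix).
# Assumes Linux, bash, openssl(1) and GNU stat(1).

# classify_s_client: read `openssl s_client` output on stdin and print a
# one-line verdict. A completed handshake always ends with a "Verify return
# code" line; "no peer certificate available" with 0 bytes read means the
# server hung up before TLS started, which is what a dropped wrapper-mode
# request looks like from the client side.
classify_s_client() {
  local out proto cipher
  out=$(cat)
  if printf '%s\n' "$out" | grep -q '^ *Verify return code:'; then
    proto=$(printf '%s\n' "$out" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
    cipher=$(printf '%s\n' "$out" | sed -n 's/^ *Cipher *: *//p' | head -n 1)
    printf 'handshake-ok %s %s\n' "$proto" "$cipher"
  elif printf '%s\n' "$out" | grep -q 'no peer certificate available'; then
    printf 'server-closed-before-tls\n'
  else
    printf 'unknown\n'
  fi
}

# probe_tls_port HOST PORT [STARTTLS-PROTOCOL]
# Without a third argument the port is treated as TLS-wrapped (465, 995);
# with one, e.g. "smtp" for port 587, s_client negotiates STARTTLS first.
# stdin comes from /dev/null so the probe never waits for keyboard input.
probe_tls_port() {
  local host=$1 port=$2 starttls=$3
  local -a args=(s_client -connect "$host:$port")
  [ -n "$starttls" ] && args+=(-starttls "$starttls")
  openssl "${args[@]}" </dev/null 2>&1 | classify_s_client
}

# report_pem_path FILE
# Print mode, owner and SELinux context of FILE and of every directory on
# the way to it. With GNU stat, %C is the security context ("?" if none).
report_pem_path() {
  local path=$1 dir
  dir=$(dirname "$path")
  while :; do
    stat -c '%A %U:%G %C %n' "$dir" 2>/dev/null || printf 'cannot stat %s\n' "$dir"
    [ "$dir" = "/" ] && break
    dir=$(dirname "$dir")
  done
  stat -c '%A %U:%G %C %n' "$path" 2>/dev/null || printf 'cannot stat %s\n' "$path"
}

# key_mode_is_private FILE
# Succeed only when the permission bits give group and others nothing.
# postconf(5) documents smtpd_tls_key_file as readable by root and nobody
# else; smtpd loads the key during its pre-jail initialization, still as
# root, so 777 does not help the server and exposes the key to every
# local account.
key_mode_is_private() {
  local mode
  mode=$(stat -c '%a' "$1") || return 2
  mode=${mode: -3}            # drop a leading setuid/setgid/sticky digit
  [ "${mode:1:2}" = "00" ]
}

# diagnose_tls_files CERT KEY: the combined check to run on the server, e.g.
#   diagnose_tls_files /etc/pki/dovecot/certs/dovecot.pem \
#                      /etc/pki/dovecot/private/dovecot.pem
diagnose_tls_files() {
  local f
  for f in "$@"; do
    printf '== %s\n' "$f"
    report_pem_path "$f"
  done
  if key_mode_is_private "$2"; then
    printf 'key mode: private (good)\n'
  else
    printf 'key mode: readable by group/others; chown root and chmod 600\n'
  fi
  printf 'If root still gets EACCES on a readable file, look past the mode bits:\n'
  printf 'a parent directory without x, or an SELinux denial (ausearch -m avc -ts recent).\n'
}
```

From the server, `probe_tls_port localhost 465` and `probe_tls_port localhost 587 smtp` cover the wrapper-mode and STARTTLS listeners; the port 465 output quoted in the post classifies as `server-closed-before-tls`, the client-side shape of "Wrapper-mode request dropped ... TLS context initialization failed". `key_mode_is_private` answers the question the post asks: 777 on a private key is not a fix but an exposure, and since smtpd opens the key before it drops privileges, a Permission denied for root on a world-readable file has to come from something other than the file's mode, typically a parent directory or a mandatory access control such as SELinux, which CentOS 7 enforces by default.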


Follow-Ups
[postfix-jp: 4350] Re: SMTP oer SSL/TLS doesn't work, blowingside
[postfix-jp: 4351] Re: SMTP oer SSL/TLS doesn't work, Tomoo Nomura
[postfix-jp: 4352] Re: SMTP oer SSL/TLS doesn't work, Ryuji MATSUMOTO
