Testing Postfix-Dovecot + Binding SSL to Dovecot


Postfix (port 25)
freebsd9# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 freebds9.kamaok.org.ua ESMTP Postfix (2.9.5)
helo localhost
250 freebds9.kamaok.org.ua
mail from:<test@kamaok.org.ua>
250 2.1.0 Ok
rcpt to:<test@kamaok.org.ua>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hi thi is test message
.
250 2.0.0 Ok: queued as 43A8732E90

SASL
freebsd9# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 freebds9.kamaok.org.ua ESMTP Postfix (2.9.5)
ehlo localhost
250-freebds9.kamaok.org.ua
250-PIPELINING
250-SIZE 10485760
250-ETRN
250-STARTTLS
250-AUTH GSS-SPNEGO GSSAPI PLAIN LOGIN
250-AUTH=GSS-SPNEGO GSSAPI PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN
334
AHRlc3QAcmp5Y25oZXJuYmQ0YnI4Mw==
235 2.7.0 Authentication successful

AHRlc3QAcmp5Y25oZXJuYmQ0YnI4Mw==
This value is taken from the output of the command
freebsd9# perl -MMIME::Base64 -e 'print encode_base64("\0test\0a123123")'
AHRlc3QAcmp5Y25oZXJuYmQ0YnI4Mw==
test is the user name
a123123 is the password; it must be escaped with a single zero (\0) if it starts with a letter and with three zeros (\000) if it starts with a digit, because Perl would otherwise read the leading digits as part of the octal escape
For example, on mail.sda-techs.org.ua we have
[root@server1 ~]# perl -MMIME::Base64 -e 'print encode_base64("\0evgen.k\@mydomain\0a123")'
AGV2Z2VuLmtAc2RhLXRlY2hzLm9yZy51YQBqa2J2Z2JmbGY4MA==
(don't forget to escape the @)
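
The same AUTH PLAIN string built from bytes, so the letter/digit escaping rule never comes up, together with the reverse operation and a check of the EHLO reply from the port-25 session. This is an added example, not part of the original post; the function names and the credentials in the `__main__` block are constructed for illustration.

```python
from __future__ import annotations
import base64

# Mechanisms whose client response is merely base64-encoded credentials.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}


def auth_plain_token(user: str, password: str, authzid: str = "") -> str:
    """Build the AUTH PLAIN response: authzid NUL user NUL password (RFC 4616)."""
    # Joining bytes avoids Perl's "\0" + digit octal-escape pitfall entirely.
    raw = b"\0".join(s.encode("utf-8") for s in (authzid, user, password))
    return base64.b64encode(raw).decode("ascii")


def decode_auth_plain(token: str) -> tuple[str, str, str]:
    """Recover (authzid, user, password) from a token; no key is involved."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("not an AUTH PLAIN response")
    authzid, user, password = (p.decode("utf-8") for p in parts)
    return authzid, user, password


def cleartext_auth_offered(ehlo_reply: str) -> set[str]:
    """Return the PLAIN/LOGIN mechanisms advertised in an EHLO reply."""
    offered: set[str] = set()
    for line in ehlo_reply.splitlines():
        keyword = line[4:].strip().upper()      # drop the "250-" / "250 " prefix
        if keyword.startswith(("AUTH ", "AUTH=")):
            offered |= set(keyword[5:].split()) & CLEARTEXT_MECHS
    return offered


# Part of the EHLO reply from the plain port-25 session above (no TLS yet).
EHLO_BEFORE_STARTTLS = """\
250-freebds9.kamaok.org.ua
250-STARTTLS
250-AUTH GSS-SPNEGO GSSAPI PLAIN LOGIN
250-AUTH=GSS-SPNEGO GSSAPI PLAIN LOGIN
250 DSN"""

if __name__ == "__main__":
    # Constructed credentials, including a password that starts with a digit.
    token = auth_plain_token("user@example.org", "7-constructed-pw")
    print(token)
    print(decode_auth_plain(token))
    print(sorted(cleartext_auth_offered(EHLO_BEFORE_STARTTLS)))
```

Since the token decodes without any key, PLAIN and LOGIN should only be accepted inside TLS; with `smtpd_tls_auth_only = yes` in Postfix's main.cf, AUTH is announced only after STARTTLS and the check returns an empty set for the plain session.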
Dovecot (POP3, port 110)
freebsd9# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user test
+OK
pass a123123
+OK Logged in.
list
+OK 0 messages:
.
stat
+OK 0 0
quit
+OK Logging out.
Connection closed by foreign host.

Dovecot (SSL)
freebsd9# openssl s_client -connect localhost:995
CONNECTED(00000003)
depth=0 /C=UA/ST=Kharkov/L=Kharkov/O=sda-techs/OU=IT-Department/CN=freebsd9.kamaok.org.ua
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=UA/ST=Kharkov/L=Kharkov/O=sda-techs/OU=IT-Department/CN=freebsd9.kamaok.org.ua
verify return:1

Certificate chain
0 s:/C=UA/ST=Kharkov/L=Kharkov/O=sda-techs/OU=IT-Department/CN=freebsd9.kamaok.org.ua
i:/C=UA/ST=Kharkov/L=Kharkov/O=sda-techs/OU=IT-Department/CN=freebsd9.kamaok.org.ua

Server certificate
subject=/C=UA/ST=Kharkov/L=Kharkov/O=sda-techs/OU=IT-Department/CN=freebsd9.kamaok.org.ua
issuer=/C=UA/ST=Kharkov/L=Kharkov/O=sda-techs/OU=IT-Department/CN=freebsd9.kamaok.org.ua

No client certificate CA names sent

SSL handshake has read 1439 bytes and written 337 bytes

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 8377361B37970D28E650B485D9154D9B379E67B48FFD4D5A8ACD786210B82C12
Session-ID-ctx:
Master-Key: 2320151982758EC5C70909E994E04D63B70B11BD413F528E085662B69A0C3132FD7FBC44AFECEE5CD0A674AFD8FC1D21
Key-Arg : None
Start Time: 1365365163
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)

+OK Dovecot ready.

Binding SSL to Dovecot
ssl = yes
ssl_cert_file = /usr/local/etc/postfix/smtpd.pem
ssl_key_file = /usr/local/etc/postfix/smtpd.pem
ssl_verify_client_cert = no
ssl_parameters_regenerate = 168
ssl_cipher_list = ALL:!LOW:!SSLv2
verbose_ssl = yes

cd /usr/local/etc/postfix
openssl req -new -nodes -x509 -out smtpd.pem -keyout smtpd.pem -days 3650
The important thing is to enter the server's FQDN (freebsd9.kamaok.org.ua) as the Common Name
