网络系统管理Linux环境——12.AppSrv之MAIL（POSTFIX-SMTPS & DOVECOT-IMAPS）

[root@appsrv ~]# yum install dovecot -y

[root@appsrv ~]# mkdir /CA
[root@appsrv ~]# openssl genrsa -out /CA/postfix.key
Generating RSA private key, 2048 bit long modulus
.....................................+++
.......................+++
e is 65537 (0x10001)

[root@appsrv ~]# openssl req -new -x509 -key  /CA/postfix.key -out /CA/postfix.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:China
Locality Name (eg, city) [Default City]:ShangDong
Organization Name (eg, company) [Default Company Ltd]:skills
Organizational Unit Name (eg, section) []:Operations Departments
Common Name (eg, your name or your server's hostname) []:smtp.sdskills.com
Email Address []:
[root@appsrv ~]#

[root@appsrv ~]# openssl genrsa -out /CA/dovecot.key
Generating RSA private key, 2048 bit long modulus
.......+++
.......................................................................................................+++
e is 65537 (0x10001)
[root@appsrv ~]# openssl req -x509 -new -key  /CA/dovecot.key -out /CA/dovecot.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:China
Locality Name (eg, city) [Default City]:ShangDong
Organization Name (eg, company) [Default Company Ltd]:skills
Organizational Unit Name (eg, section) []:imap.sdskills.com
Common Name (eg, your name or your server's hostname) []:
Email Address []:
[root@appsrv ~]#

[root@appsrv ~]# vim /etc/postfix/main.cf
75行：myhostname = mail.sdskills.com                 //本机主机名,可以为 wjy.com
83行：mydomain = sdskills.com                        //服务器域名
99行：myorigin = $mydomain                      //初始域名
112行：inet_interfaces = all              //网卡选择
115行： #inet_interfaces = localhost       //注释115行
164行：mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain         //目标域 or 注释164行，取消注释165行
264行：mynetworks = 0.0.0.0/0    //以下网段可以通过
419行：home_mailbox = Maildir/                     //邮件目录，在用户家目录下
670行：smtpd_use_tls = yes
671行：smtpd_tls_cert_file = /CA/postfix.crt
672行：smtpd_tls_key_file = /CA/postfix.key

[root@appsrv ~]# vim /etc/postfix/master.cf  
11行：#smtp      inet  n       -       n       -       -       smtpd   ##注释掉25端口
16行：smtps     inet  n       -       n       -       -       smtpd      ##开启465端口
28行:  -o smtpd_tls_wrappermode=yes   ##取消注释，启动证书认证

[root@appsrv ~]# vim /etc/dovecot/dovecot.conf 
24行:protocols = imaps   ##启用 imaps

[root@appsrv ~]# vim /etc/dovecot/conf.d/10-auth.conf 
10行:disable_plaintext_auth = no

[root@appsrv ~]# vim /etc/dovecot/conf.d/10-mail.conf
24行:  mail_location = maildir:~/Maildir ##取消注释

[root@appsrv ~]# vim /etc/dovecot/conf.d/10-ssl.conf 
14行:ssl_cert = </CA/dovecot.crt
15行:ssl_key = </CA/dovecot.key

[root@appsrv ~]# for i in $(seq 1 99);do useradd user$i;done
[root@appsrv ~]# for i in $(seq 1 99);do echo "Chinaskill20"|passwd --stdin user$i;done
更改用户 user1 的密码 。
passwd：所有的身份验证令牌已经成功更新。
更改用户 user2 的密码 。
passwd：所有的身份验证令牌已经成功更新。
更改用户 user3 的密码 。
passwd：所有的身份验证令牌已经成功更新。
更改用户 user4 的密码 。
passwd：所有的身份验证令牌已经成功更新。
更改用户 user5 的密码 。
passwd：所有的身份验证令牌已经成功更新。
.....................................
[root@appsrv ~]#

[root@appsrv ~]# systemctl restart postfix.service 
[root@appsrv ~]# systemctl restart dovecot.service