
[postfix-jp: 4354] Re: SMTP oer SSL/TLSãããããã



ååãã

ãããããããããããã

ãæèããã

ãdoveconf -n
ãdovecot.conf
 10-ssl.conf
ããääãéãããã

ããããããéããããã

ãïããããéäãäæãæããããããã
ããæãããããããããããæããããèäããããããããããããããããããããããï


ãdoveconf -n
---------------------------------------------------------------------------
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-229.1.2.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core)
# NOTE(review): "doveconf -n" lists only the changed settings, so anything
# absent from this output (ssl, ssl_protocols, disable_plaintext_auth, ...)
# is presumably still at its built-in default.
# Debug-level authentication logging, switched on for troubleshooting.
# Revert it afterwards and keep auth_debug_passwords off so that no
# credentials end up in the logs.
auth_debug = yes
# PLAIN and LOGIN both transmit the password itself; its confidentiality on
# the wire depends entirely on the TLS layer.
auth_mechanisms = plain login
auth_verbose = yes
listen = *
mbox_write_locks = fcntl
# NOTE(review): the "ÂÂÂ" prefixes inside the blocks below look like
# mis-encoded indentation from the mail archive, not part of the configuration.
namespace inbox {
 inbox = yes
 location =
 mailbox Drafts {
ÂÂÂ special_use = \Drafts
 }
 mailbox Junk {
ÂÂÂ special_use = \Junk
 }
 mailbox Sent {
ÂÂÂ special_use = \Sent
 }
 mailbox "Sent Messages" {
ÂÂÂ special_use = \Sent
 }
 mailbox Trash {
ÂÂÂ special_use = \Trash
 }
 prefix =
}
# Passwords are verified through PAM and users are looked up in the passwd
# database (see userdb below). Presumably these are system accounts, so a
# leaked mail password may also be a login password. Confirm against the PAM
# service configuration.
passdb {
 driver = pam
}
protocols = imap pop3
# Authentication socket created under the Postfix queue directory. Owner and
# group postfix with mode 0660 limit access to that user and group.
# Presumably this is the socket Postfix uses for SASL authentication.
service auth {
 unix_listener /var/spool/postfix/private/auth {
ÂÂÂ group = postfix
ÂÂÂ mode = 0660
ÂÂÂ user = postfix
 }
}
# The leading "<" makes Dovecot read the value from the named file.
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
# Private key: keep this file readable by root only.
ssl_key = </etc/pki/dovecot/private/dovecot.pem
# Concerns CRL checks for client certificates only; it does not affect how
# the server certificate above is loaded.
ssl_require_crl = no
userdb {
 driver = passwd
}


dovecot.confåé
---------------------------------------------------------------------------
## Dovecot configuration file

# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration

# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list.

# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace "

# Most (but not all) settings can be overridden by different protocols and/or
# source/destination IPs by placing the settings inside sections, for example:
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }

# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var

# Protocols we want to be serving.
#protocols = imap pop3 lmtp
#2016.3.25 nove without lmtp
protocols = imap pop3

# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#2016.3.25 nove no need IPv6
#listen = *, ::
listen = *

# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/

# Name of this instance. In multi-instance setup doveadm and other commands
# can use -i <instance_name> to select which instance is used (an alternative
# to -c <config_path>). The instance name is also added to Dovecot processes
# in ps output.
#instance_name = dovecot

# Greeting message for clients.
#login_greeting = Dovecot ready.

# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
# NOTE(review): leave this empty unless a proxy really needs it. Any range
# listed here bypasses disable_plaintext_auth, as stated above.
#login_trusted_networks =

# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =

# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination
# IP is e.g. a load balancer's IP.
#auth_proxy_self =

# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no

# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes

# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server

# Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings.
#import_environment = TZ

##
## Dictionary server settings
##

# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or through a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::<name>".

dict {
 #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
 #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}

# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf

# A config file can also be included without giving an error if
# it's not found:
!include_try local.conf
# NOTE(review): these two lines come after both includes, so they presumably
# take precedence over the same settings in conf.d/ and local.conf. The
# doveconf -n output confirms both are in effect. They are troubleshooting
# aids: switch auth_debug back off once the TLS problem is solved, and do not
# enable auth_debug_passwords on a production host.
auth_verbose = yes
auth_debug = yes


/etc/dovecot/conf.d/10-ssl.conf
---------------------------------------------------------------------------
##
## SSL settings
##

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
# plain imap and pop3 are still allowed for local connections
#2016.3.25 nove required->yes
# NOTE(review): the two descriptive lines above apply to "ssl = required".
# With "ssl = yes", TLS is offered but a client may stay on a plaintext
# connection. Whether it may then authenticate depends on
# disable_plaintext_auth, which is absent from the doveconf -n output and so
# presumably at its default. Because auth_mechanisms is "plain login", consider
# returning to "required" once troubleshooting is finished.
ssl = yes

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
# NOTE(review): the Postfix warning quoted later in this message names the
# certificate file, not the key. If the cause turns out to be file access,
# fix it without making the private key below readable by other accounts.
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem

# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# world-readable, you may want to place this setting instead to a different
# root owned 0600 file by using ssl_key_password = <path.
#ssl_key_password =

# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)
#ssl_ca =

# Require that CRL check succeeds for client certificates.
#2016.3.28 uncomment yes->no
# NOTE(review): this concerns client certificates only. ssl_verify_client_cert
# is left commented out below, so this change should have no bearing on whether
# the server certificate can be loaded.
ssl_require_crl = no

# Directory and/or file for trusted SSL CA certificates. These are used only
# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
# directory is usually /etc/pki/dovecot/certs in Debian-based systems and the file is
# /etc/pki/tls/cert.pem in RedHat-based systems.
#ssl_client_ca_dir =
#ssl_client_ca_file =

# Request client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no

# Which field from certificate to use for username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName

# DH parameters length to use.
# NOTE(review): 1024-bit DH parameters are generally considered too short;
# 2048 or more is the usual choice when this setting is enabled.
#ssl_dh_parameters_length = 1024

# SSL protocols to use
# 2016.3.28 add !SSLv3
# NOTE(review): the line below is still commented out, so the "!SSLv3" added
# on 2016.3.28 is not in effect. The doveconf -n output lists no ssl_protocols
# entry, which is consistent with that. Remove the leading "#" to actually
# disable SSLv3.
#ssl_protocols = !SSLv2 !SSLv3

# SSL ciphers to use
# NOTE(review): commented out, so the built-in list applies. The value shown
# excludes only the LOW, SSLv2, EXPORT and anonymous suites. Consider a
# stricter list together with ssl_prefer_server_ciphers = yes.
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no

# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =


ååãçãããã

systemctl status postfixãæããããèåãåããpermission ãèããããèããããããããããã
> ---------------------------------------------------------------------------
> warning: cannot get RSA certificate from file /etc/pki/dovecot/certs/dovecot.pem: disabling TLS support

ãããèèãããããããdovecotãTLSãæååããããããããããããã ãï
dovecotãèåãäæãããããããããããããã
Â/etc/dovecot/conf.d/10-ssl.confã/etc /dovecot.conf(OSããããéããã)ãæåã
ããããããèããããããããã

-- 
/////ïïïïïï///////////////////////////////////////////////
ãæåäçããããããããããããããããããããã
ããäèåçåãæè äé
ãã144-0043ãæäé åçå ççïïïïïï
ãTel:03-5705-2595
ãFax:03-6423-9505 ïïïçåãåãããããï 
ãmobile-phone:080-3430-2595 070-5582-6540
  Email:watanove@xxxxxxxxxxx
///////////////////////////////////////////////ïïïïïï/////