
LAB

1. Start sendmail and modify its configuration [open port 25 in iptables]

2. Start dovecot and modify its configuration [open ports 110, 143, 993, 995 in iptables], create "dovecot.pem"

[root@server1 ~]# cd /etc/pki/tls/certs
[root@server1 certs]# make dovecot.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > dovecot.pem ; \
echo "" >> dovecot.pem ; \
cat $PEM2 >> dovecot.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
............++++++
................++++++
writing new private key to '/tmp/openssl.XR7003'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:TW
State or Province Name (full name) [Berkshire]:Taiwan
Locality Name (eg, city) [Newbury]:Taipei
Organization Name (eg, company) [My Company Ltd]:Example,Inc.
Organizational Unit Name (eg, section) []:MisGroup
Common Name (eg, your name or your server's hostname) []:server1.example.com
Email Address []:root@server1.example.com

#vi /etc/dovecot.conf
--- (omitted) ---
#edit
ssl_cert_file = /etc/pki/tls/certs/dovecot.pem
ssl_key_file = /etc/pki/tls/certs/dovecot.pem
--- (omitted) ---

#service dovecot restart

[root@server1 certs]# openssl s_client -connect server1.example.com:993
CONNECTED(00000003)
depth=0 /C=TW/ST=Taiwan/L=Taipei/O=Example.inc/OU=Mis/CN=server1.example.com/emailAddress=root@server1.example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=TW/ST=Taiwan/L=Taipei/O=Example.inc/OU=Mis/CN=server1.example.com/emailAddress=root@server1.example.com
verify return:1
---
Certificate chain
0 s:/C=TW/ST=Taiwan/L=Taipei/O=Example.inc/OU=Mis/CN=server1.example.com/emailAddress=root@server1.example.com
i:/C=TW/ST=Taiwan/L=Taipei/O=Example.inc/OU=Mis/CN=server1.example.com/emailAddress=root@server1.example.com
---
Server certificate
subject=/C=TW/ST=Taiwan/L=Taipei/O=Example.inc/OU=Mis/CN=server1.example.com/emailAddress=root@server1.example.com
issuer=/C=TW/ST=Taiwan/L=Taipei/O=Example.inc/OU=Mis/CN=server1.example.com/emailAddress=root@server1.example.com
---
No client certificate CA names sent
---
SSL handshake has read 1503 bytes and written 331 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 4C41239D292FD25AA2D68D57A236C2A48F4FCAF72E4DF1CC89830E4938B0C804
Session-ID-ctx:
Master-Key: A7C5822390B6C441FD4A875104DF5C352D1A2AACCFE5F56D92823F21A20CBD5A36AC077BE9C1D27C9D10D2BDFE23A135
Key-Arg : None
Krb5 Principal: None
Start Time: 1249112007
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
* OK Dovecot ready.


3. Allow the intranet LAN (192.168.0.0/24) to relay

4. Receive mail for a different network segment [/etc/mail/local-host-names]

5. Aliases: department mail control, helpdesk --> student

6. virtusertable [simulated with /etc/host]

7. Procmail filtering
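
The `openssl s_client` check in step 2 reports a 1024-bit server key, TLSv1 and verify code 18. As an added example (not part of the original post), this shell function reads a saved `s_client` transcript and flags those three conditions; the 2048-bit and TLSv1.2 thresholds and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a saved `openssl s_client` transcript for weak TLS settings.
# Assumed thresholds: RSA key >= 2048 bits, protocol TLSv1.2 or later.

audit_s_client() {
    # Reads the transcript on stdin; prints one finding per line, or "OK".
    text=$(cat)
    found=0

    # e.g. "Server public key is 1024 bit"
    bits=$(printf '%s\n' "$text" |
        sed -n 's/^Server public key is \([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    # e.g. "Protocol : TLSv1" (leading spaces and padding vary by version)
    proto=$(printf '%s\n' "$text" |
        sed -n 's/^[[:space:]]*Protocol[[:space:]]*:[[:space:]]*\([^[:space:]]*\).*/\1/p' | head -n 1)
    # e.g. "Verify return code: 18 (self signed certificate)"
    verify=$(printf '%s\n' "$text" |
        sed -n 's/^[[:space:]]*Verify return code:[[:space:]]*\([0-9][0-9]* (.*)\).*/\1/p' | head -n 1)

    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_KEY: ${bits}-bit server key (want >= 2048)"; found=1
    fi
    case "$proto" in
        SSLv2|SSLv3|TLSv1|TLSv1.1)
            echo "OLD_PROTOCOL: $proto negotiated (want TLSv1.2 or later)"; found=1 ;;
    esac
    # Code 0 means the chain verified; anything else (18 = self-signed) did not.
    if [ -n "$verify" ] && [ "${verify%% *}" -ne 0 ]; then
        echo "UNTRUSTED_CERT: verify code $verify"; found=1
    fi
    if [ "$found" -eq 0 ]; then echo "OK"; fi
    return 0
}

# Sample input: lines abridged from the s_client session in step 2.
sample_transcript() {
    cat <<'EOF'
CONNECTED(00000003)
verify error:num=18:self signed certificate
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Verify return code: 18 (self signed certificate)
EOF
}

sample_transcript | audit_s_client
```

To audit a live server, save the output of `openssl s_client -connect server1.example.com:993 </dev/null` to a file and pipe that file into `audit_s_client`.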

