SSL-POP3S_SMTPS-HOWTO

Using POP3, SMTP with SSL


1. Purpose of this document


This document was written to record my experience of setting up POP3S and SMTP services using OpenSSL.

2. Introduction


This document explains the procedure for running POP3S and SMTP services with OpenSSL. It is based on Red Hat 8.0 and uses Sendmail as the MTA. The POP3S service runs under xinetd. CA certification uses self-signing. All work is performed as root. This document was written by 양정석 (dasomoli (at) gmail.com). :)

3. Main text


3.1. Creating & installing the certificate

  • Create a CSR.
    # openssl req -new > cert.csr

  • Enter the domain name as the common name (e.g. jinyangind.com).

  • Create the RSA key.
    # openssl rsa -in privkey.pem -out cert.key

  • Create the CA certificate by signing the CSR with your own key (self-signed).
    # openssl x509 -in cert.csr -out cacert.crt -req -signkey cert.key -days 365

  • Concatenate the RSA key and the CA certificate to create the pem file.
    # cat cert.key cacert.crt > cert.pem

  • Make the created files unreadable by anyone other than root (apart from cert.pem, the file list here is my guess).
    # chmod 600 cert.pem cacert.crt cert.key

  • Move the files to the SSL certs directory.
    # mv cert.pem /usr/share/ssl/certs

    # mv cacert.crt /usr/share/ssl/certs

    # mv cert.key /usr/share/ssl/certs

  • Use the same file as the pem file for pop3s.
    # cp /usr/share/ssl/certs/cert.pem /usr/share/ssl/certs/ipop3d.pem

  • Use the same file as the pem file for smtps.
    # cp /usr/share/ssl/certs/cert.pem /usr/share/ssl/certs/sendmail.pem
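
To confirm the bundle built in section 3.1 before ipop3d and sendmail start using it, the following added shell example (not part of the original HOWTO) checks the file permissions, that the private key matches the certificate, the common name, and the remaining validity. The function names `check_bundle` and `make_sample` and the domain `mail.example.test` are hypothetical; the sample certificate is generated on the spot as constructed input.

```shell
#!/bin/sh
# Added example: sanity-check a key+certificate bundle such as cert.pem.
# check_bundle PEM EXPECTED_CN [MIN_DAYS] returns 0 if every check passes.
check_bundle() {
    pem=$1; cn=$2; days=${3:-30}; rc=0

    # 1. The bundle holds the private key: no group/other permission bits.
    perms=$(ls -ld "$pem" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: $pem is group/other accessible"; rc=1; }

    # 2. Private key and certificate must carry the same public key.
    kpub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null) || kpub=""
    cpub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || cpub=""
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ] ||
        { echo "FAIL: key does not match certificate"; rc=1; }

    # 3. Subject CN must be the mail server's domain name.
    openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//' | tr ',' '\n' | grep -Fxq "CN=$cn" ||
        { echo "FAIL: subject CN is not $cn"; rc=1; }

    # 4. Certificate must remain valid for at least MIN_DAYS more days.
    openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null 2>&1 ||
        { echo "FAIL: certificate expires within $days days"; rc=1; }

    return $rc
}

# Constructed sample input: a throwaway self-signed bundle for a made-up
# domain, written to DIR/cert.pem (key first, then certificate).
make_sample() {
    dir=$1; cn=$2; days=${3:-365}
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$cn" -days "$days" \
        -keyout "$dir/cert.key" -out "$dir/cacert.crt" >/dev/null 2>&1 || return 1
    cat "$dir/cert.key" "$dir/cacert.crt" > "$dir/cert.pem"
    chmod 600 "$dir/cert.pem" "$dir/cert.key"
}

# Demo on the constructed sample (assumed hostname, not a real server).
tmp=$(mktemp -d) && make_sample "$tmp" mail.example.test &&
    check_bundle "$tmp/cert.pem" mail.example.test && echo "OK: bundle passes"
rm -rf "$tmp"
```

On the server itself the call would be `check_bundle /usr/share/ssl/certs/cert.pem jinyangind.com`, run as root.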

3.2. Starting the pop3s service

  • # vi /etc/xinetd.d/pop3s
    service pop3s
    { 
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/ipop3d
        log_on_success  += USERID
        log_on_failure  += USERID
    }
      
  • # /etc/init.d/xinetd restart

3.3. Configuring and restarting sendmail

  • # vi /etc/mail/sendmail.mc, and add the following.
    define(`confCACERT_PATH',`/usr/share/ssl/certs')dnl
    define(`confCACERT',`/usr/share/ssl/certs/cacert.crt')dnl
    define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')dnl
    define(`confSERVER_KEY',`/usr/share/ssl/certs/cert.key')dnl
    DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
    Cwjinyangind.com
    
  • # m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
  • # /etc/init.d/sendmail restart

3.4. Client configuration

  • Distribute cacert.crt and add it to the trusted certificate authorities.

3.4.1. Outlook

  • Check SSL for both the incoming and the outgoing mail server. Outgoing mail server port: 465, incoming mail server port: 995.

3.4.2. Thunderbird

  • Almost the same as Outlook.



last modified 2005-05-04 09:54:11