= Using !POP3, SMTP with SSL =

== '''1. Purpose of this document''' ==
This document was written to record my experience of bringing up !POP3S and SMTP services with !OpenSSL.

== '''2. Introduction''' ==
This document describes the procedure for running !POP3S and SMTP services with !OpenSSL. It is based on Red Hat 8.0 and uses Sendmail as the MTA. The !POP3S service runs under xinetd. The CA certificate is self-signed. All steps are performed as root.

This document was written by 양정석 (dasomoli (at) gmail.com). :)

== '''3. Main text''' ==

=== '''3.1. Creating & installing the certificate''' ===
 * Create the CSR.
 {{{
# openssl req -new > cert.csr
}}}
 * Enter the domain name as the common name (e.g. jinyangind.com).
 * Create the RSA key.
 {{{
# openssl rsa -in privkey.pem -out cert.key
}}}
 * Create the CA certificate by signing the CSR with its own key.
 {{{
# openssl x509 -in cert.csr -out cacert.crt -req -signkey cert.key -days 365
}}}
 * Concatenate the RSA key and the CA certificate into a pem file.
 {{{
# cat cert.key cacert.crt > cert.pem
}}}
 * Make the generated files unreadable by anyone other than root. (Apart from cert.pem, this is my guess.)
 {{{
# chmod 600 cert.pem cacert.crt cert.key
}}}
 * Move the files to the SSL certs directory.
 {{{
# mv cert.pem /usr/share/ssl/certs
# mv cacert.crt /usr/share/ssl/certs
# mv cert.key /usr/share/ssl/certs
}}}
 * Use the same pem file for pop3s.
 {{{
# cp /usr/share/ssl/certs/cert.pem /usr/share/ssl/certs/ipop3d.pem
}}}
 * Use the same pem file for smtps.
 {{{
# cp /usr/share/ssl/certs/cert.pem /usr/share/ssl/certs/sendmail.pem
}}}

=== '''3.2. Starting the pop3s service''' ===
 * # vi /etc/xinetd.d/pop3s
 {{{
service pop3s
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/ipop3d
        log_on_success  += USERID
        log_on_failure  += USERID
}
}}}
 * # /etc/init.d/xinetd restart

=== '''3.3. Configuring and restarting sendmail''' ===
 * # vi /etc/mail/sendmail.mc, and add the following.
 {{{
define(`confCACERT_PATH',`/usr/share/ssl/certs')dnl
define(`confCACERT',`/usr/share/ssl/certs/cacert.crt')dnl
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')dnl
define(`confSERVER_KEY',`/usr/share/ssl/certs/cert.key')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
Cwjinyangind.com
}}}
 * # m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
 * # /etc/init.d/sendmail restart

=== '''3.4. Client configuration''' ===
 * Distribute cacert.crt and add it to the certificate authorities.

==== 3.4.1. Outlook ====
 * Check SSL for the incoming mail server and the outgoing mail server. Outgoing mail server port: 465, incoming mail server port: 995.

==== 3.4.2. Thunderbird ====
 * Almost the same as Outlook.
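The certificate steps of section 3.1 as a script that runs without prompts and then checks the result before the files are moved into place. This is an added example, not part of the original page: the file names follow the page, while the `-subj`, `-nodes` and `rsa:2048` options, the scratch directory and the two function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: section 3.1 without prompts.
# File names follow the page; the options that avoid prompting and the
# scratch directory are assumptions of this example.

make_mail_cert() (      # $1 = common name, $2 = output directory
    umask 077           # key files are never group/world readable, even briefly
    mkdir -p "$2" && cd "$2" || exit 1
    # CSR plus a new key; -nodes leaves privkey.pem without a passphrase
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout privkey.pem -out cert.csr 2>/dev/null || exit 1
    # Same step as the page; here the key is already unencrypted
    openssl rsa -in privkey.pem -out cert.key 2>/dev/null || exit 1
    # Self-sign the CSR with its own key, valid for 365 days
    openssl x509 -req -in cert.csr -signkey cert.key -days 365 \
        -out cacert.crt 2>/dev/null || exit 1
    cat cert.key cacert.crt > cert.pem
    chmod 600 cert.pem cacert.crt cert.key
)

check_mail_cert() (     # $1 = directory, $2 = expected common name
    cd "$1" || exit 1
    # 1. The certificate must carry the public key that belongs to cert.key
    k=$(openssl pkey -in cert.key -pubout 2>/dev/null | openssl dgst -sha256)
    c=$(openssl x509 -in cacert.crt -noout -pubkey | openssl dgst -sha256)
    [ "$k" = "$c" ] || { echo "cert.key does not match cacert.crt" >&2; exit 1; }
    # 2. Self-signed (issuer equals subject) and issued for the expected name
    s=$(openssl x509 -in cacert.crt -noout -subject); s=${s#subject=}
    i=$(openssl x509 -in cacert.crt -noout -issuer);  i=${i#issuer=}
    [ "$s" = "$i" ] || { echo "issuer differs from subject" >&2; exit 1; }
    case $s in *"$2"*) ;; *) echo "unexpected subject: $s" >&2; exit 1 ;; esac
    # 3. Files holding the private key: no group/other permission bits
    for f in privkey.pem cert.key cert.pem; do
        [ "$(ls -l "$f" | cut -c5-10)" = "------" ] ||
            { echo "$f is accessible to group or others" >&2; exit 1; }
    done
)

# Demo run in a throwaway directory with the page's example domain
dir=$(mktemp -d) && make_mail_cert jinyangind.com "$dir" &&
    check_mail_cert "$dir" jinyangind.com && echo "certificate files OK in $dir"
```

The same `check_mail_cert` call can be pointed at the directory holding the installed files, provided privkey.pem, cert.key, cert.pem and cacert.crt are all present there.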