Using POP3, SMTP with SSL ¶
1. ¹®¼ÀÇ ¸ñÀû ¶
ÀÌ ¹®¼´Â OpenSSL À» ÀÌ¿ëÇؼ POP3S ¿Í SMTP ¼ºñ½º¸¦ ½ÃÀÛÇÑ ³» °æÇèÀ» Á¤¸®Çϱâ À§ÇØ ¸¸µé¾îÁ³´Ù.
2. ¹®¼ÀÇ ¼Ò°³ ¶
ÀÌ ¹®¼´Â OpenSSL À» ÀÌ¿ëÇØ POP3S ¿Í SMTP ¼ºñ½º¸¦ »ç¿ëÇÏ´Â ÀýÂ÷¿¡ ´ëÇØ ¼³¸íÇÑ´Ù. ·¹µåÇÞ 8.0 À» ±âÁØÀ¸·Î Çϸç MTA ·Î´Â Sendmail À» »ç¿ëÇÑ´Ù. POP3S ¼ºñ½º´Â xinetd ÇÏ¿¡¼ ¼ºñ½ºµÈ´Ù. CA ÀÎÁõÀº ÀÚü ÀÎÁõ ¹æ½ÄÀ» »ç¿ëÇÑ´Ù. ¸ðµç ÀÛ¾÷Àº root ·Î ¼öÇàÇÑ´Ù. ÀÌ ¹®¼´Â ¾çÁ¤¼®(dasomoli (at) gmail.com)ÀÌ ÀÛ¼ºÇÏ¿´´Ù. .png ":)")
3.1. ÀÎÁõ¼ ¸¸µé±â & ¼³Ä¡ ¶
- CSR À» ¸¸µç´Ù.
# openssl req -new > cert.csr
- common name ¿¡ µµ¸ÞÀÎ À̸§ ÀÔ·Â(¿¹:jinyangind.com)
- RSA Å°¸¦ ¸¸µç´Ù.
# openssl rsa -in privkey.pem -out cert.key
- CSR ¿¡ ÀÚü ¼¸íÅ°·Î CA ÀÎÁõ¼¸¦ ¸¸µç´Ù.
# openssl x509 -in cert.csr -out cacert.crt -req -signkey cert.key -days 365
- RSA Å°¿Í CA ÀÎÁõ¼¸¦ ºÙ¿© pem ÆÄÀÏÀ» »ý¼ºÇÑ´Ù.
# cat cert.key cacert.crt > cert.pem
- »ý¼ºÇÑ ÆÄÀÏÀ» root ¿Ü¿¡ ÀÐÀ» ¼ö ¾ø°Ô ÇÑ´Ù.
# chmod 600 cert.pem cacert.crt cert.key(¿©±â´Â cert.pem »©°í´Â ³» ÃßÃø)
- SSL ÀÇ certs µð·ºÅ丮¿¡ ¿Å±ä´Ù.
# mv cert.pem /usr/share/ssl/certs
# mv cacert.crt /usr/share/ssl/certs
# mv cert.key /usr/share/ssl/certs
- pop3s ÀÇ pem ÆÄÀϵµ ¸¸µç °ÍÀ¸·Î »ç¿ë
# cp /usr/shar/ssl/certs/cert.pem /usr/shar/ssl/certs/ipop3d.pem
- smtps ÀÇ pem ÆÄÀϵµ ¸¸µç °ÍÀ¸·Î »ç¿ë
# cp /usr/shar/ssl/certs/cert.pem /usr/shar/ssl/certs/sendmail.pem
3.2. pop3s ¼ºñ½º ½ÃÀÛÇϱâ. ¶
3.3. sendmail ¼³Á¤ÇÏ°í Àç½ÃÀÛÇϱâ. ¶
- # vi /etc/mail/sendmail.mc, ´ÙÀ½ ³»¿ëÀ» Ãß°¡ÇÑ´Ù.
define(`confCACERT_PATH',`/usr/share/ssl/certs')dnl
define(`confCACERT',`/usr/share/ssl/certs/cacert.crt')dnl
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')dnl
define(`confSERVER_KEY',`/usr/share/ssl/certs/cert.key')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
Cwjinyangind.com
- # m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
- # /etc/init.d/sendmail restart
3.4. Client ¼³Á¤. ¶
- cacert.crt ¹èÆ÷, ÀÎÁõ±â°ü¿¡ Ãß°¡.
3.4.1. Outlook ¶
- ¹Þ´Â ¸ÞÀÏ ¼¹ö, º¸³»´Â ¸ÞÀÏ ¼¹ö¿¡ SSL üũ, º¸³»´Â ¸ÞÀϼ¹ö Æ÷Æ® : 465, ¹Þ´Â ¸ÞÀϼ¹ö Æ÷Æ® : 995
|
|
