Connect to the Sendmail network, and ensure security (on)
5. Configure STARTTLS
1. Generate a certificate authority (CA)
[root@mail ~]# cd /etc/pki/
[root@mail pki]# vim tls/openssl.cnf
[root@mail CA]# pwd
/etc/pki/CA
[root@mail CA]# mkdir crl certs newcerts
[root@mail CA]# touch index.txt serial
[root@mail CA]# echo "01" > serial
[root@mail CA]# openssl genrsa 1024 > private/cakey.pem
Generating RSA private key, 1024 bit long modulus
...................................... ++
........................................ ................. ++
e is 65537 (0x10001)
[root@mail CA]# chmod 600 private/*
[root@mail CA]#
[root@mail CA]# pwd
/etc/pki/CA
[root@mail CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
2. Issue a certificate for Sendmail
[root@mail mail]# pwd
/etc/mail
[root@mail mail]# mkdir certs
[root@mail mail]# cd certs
[root@mail certs]# openssl genrsa 1024 > sendmail.key
Generating RSA private key, 1024 bit long modulus
...
...
e is 65537 (0x10001)
[root@mail certs]# openssl req -new -key sendmail.key -out sendmail.csr
[root@mail certs]# openssl ca -in sendmail.csr -out sendmail.cert
[root@mail certs]# pwd
/etc/mail/certs
[root@mail certs]# cp /etc/pki/CA/cacert.pem ./
[root@mail certs]# chmod 600 *
[root@mail certs]# cd ..
[root@mail mail]# vim sendmail.mc
3. Sendmail Test
[root@mail mail]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to mail.bj.com (127.0.0.1).
Escape character is '^]'.
220 mail.bj.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 20 Mar 2012 11:30:14 +0800
EHLO 127.0.0.1
250-mail.bj.com Hello mail.bj.com [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS   (proof that STARTTLS is enabled)
250-DELIVERBY
250 HELP
Test with host
4. Issue a certificate for dovecot
[root@mail mail]# mkdir -pv /etc/dovecot/certs
mkdir: created directory '/etc/dovecot'
mkdir: created directory '/etc/dovecot/certs'
[root@mail mail]# cd /etc/dovecot/certs/
[root@mail certs]# openssl genrsa 1024 > dovecot.key
Generating RSA private key, 1024 bit long modulus
........................................ ........................................ ....... ++
...
e is 65537 (0x10001)
[root@mail certs]#
[root@mail certs]# openssl req -new -key dovecot.key -out dovecot.csr
[root@mail certs]# openssl ca -in dovecot.csr -out dovecot.cert
[root@mail certs]# chmod 600 *
[root@mail certs]# vim /etc/dovecot.conf
[root@mail certs]# service dovecot restart
Stopping Dovecot Imap: [OK]
Starting Dovecot Imap: [OK]
[root@mail certs]# netstat -tupln | grep dovecot
tcp        0      0 :::993        :::*        LISTEN      3660/dovecot
tcp        0      0 :::110        :::*        LISTEN      3660/dovecot
tcp        0      0 :::143        :::*        LISTEN      3660/dovecot
[root@mail certs]#
5. dovecot Test
Install wireshark packet capture tool
[root@mail ~]# yum install wireshark.i386
[root@mail ~]# tshark -ni eth0 -R "tcp.dstport eq 110"
[root@mail ~]# tshark -ni eth0 -R "tcp.dstport eq 993"
6. Configure SASL
To provide as much security as possible, SASL needs to be enabled to authenticate users. SASL is not enabled by default, so anyone can send email as a user.
1. View and install SASL-related components
[root@mail Server]# pwd
/mnt/cdrom/Server
[root@mail Server]# rpm -qa | grep sasl
cyrus-sasl-lib-2.1.22-5.el5
cyrus-sasl-2.1.22-5.el5
cyrus-sasl-devel-2.1.22-5.el5
cyrus-sasl-plain-2.1.22-5.el5
[root@mail Server]#
[root@mail ~]# service saslauthd start
Starting saslauthd: [OK]
[root@mail ~]#
[root@mail Server]# chkconfig --list | grep sasl
saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@mail Server]# chkconfig saslauthd on
[root@mail Server]# chkconfig --list | grep sasl
saslauthd       0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@mail Server]#
[root@mail Server]# rpm -qc cyrus-sasl
/etc/rc.d/init.d/saslauthd
/etc/sysconfig/saslauthd
[root@mail Server]#
2. Modify SASL-related configuration files
[root@mail ~]# cd /usr/lib/sasl2/
[root@mail sasl2]# vim Sendmail.conf
[root@mail sasl2]# cd /etc/mail
[root@mail mail]# pwd
/etc/mail
[root@mail mail]# vim sendmail.mc
[root@mail mail]# service sendmail restart
Shutting down sm-client: [OK]
Shutting down sendmail: [OK]
Starting sendmail: [OK]
Starting sm-client: [OK]
[root@mail mail]#
3. Account Test
Base64-encode a user's account
[root@mail ~]# echo -n "user1" | openssl base64
dXNlcjE=
[root@mail ~]# echo -n "123" | openssl base64
MTIz
[root@mail ~]#
4. Mail Test
Send an email when authentication is not enabled
Enable authentication
Because the email is sent quickly, the demo is not shown.
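Added example (not part of the original post): a small Python check that parses an EHLO reply like the one in the Sendmail test and reports when STARTTLS is missing or when AUTH PLAIN/LOGIN is offered before TLS, since those mechanisms carry only the base64 encoding produced in the account test. The SASL_REPLY sample and all function names are constructed for illustration.

```python
import base64

# EHLO reply from the Sendmail test above (abridged to a few capabilities).
PAGE_REPLY = """\
250-mail.bj.com Hello mail.bj.com [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-STARTTLS
250 HELP
"""
# Constructed sample: the same reply once SASL is on and AUTH is advertised.
SASL_REPLY = PAGE_REPLY.replace("250-SIZE", "250-AUTH LOGIN PLAIN\n250-SIZE")

# Mechanisms that send credentials merely base64-encoded.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Parse a multi-line 250 reply into {KEYWORD: [PARAMS]}."""
    caps = {}
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        if line[:3] != "250" or line[3:4] not in ("-", " ", ""):
            raise ValueError("not a 250 reply line: %r" % line)
        words = line[4:].upper().split()
        if i == 0 or not words:      # first line is the greeting
            continue
        key, _, first = words[0].partition("=")   # also accept "AUTH=LOGIN"
        caps[key] = ([first] if first else []) + words[1:]
    return caps

def audit(reply, tls_active):
    """Return findings for an EHLO reply seen before or after STARTTLS."""
    caps, findings = parse_ehlo(reply), []
    if not tls_active and "STARTTLS" not in caps:
        findings.append("STARTTLS not advertised")
    weak = sorted(CLEARTEXT_MECHS & set(caps.get("AUTH", [])))
    if weak and not tls_active:
        findings.append("AUTH %s offered before TLS" % "/".join(weak))
    return findings

def decode_token(token):
    """Base64 is reversible by anyone who captures the session."""
    return base64.b64decode(token).decode()

if __name__ == "__main__":
    print(audit(PAGE_REPLY, tls_active=False))
    print(audit(SASL_REPLY, tls_active=False))
```

In sendmail.mc, the p flag in confAUTH_OPTIONS is the setting that makes Sendmail withhold PLAIN and LOGIN until a TLS layer is active.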
BLOG by PheonixKing