Squirrelmail

SquirrelMail installation and web browser setup

yum -y install epel-release
yum -y install squirrelmail
[root@squirrelmail-server ~]# cd /usr/share/squirrelmail/config/ && ls
conf.pl  config.php  config_default.php  config_local.php  index.php
[root@squirrelmail-server config]# perl conf.pl
SquirrelMail Configuration : Read: config.php
Config version 1.4.0; SquirrelMail version unknown
---------------------------------------------------------
Organization Preferences
1.  Organization Name      : jiwon.min.kh
2.  Organization Logo      : ../images/sm_logo.png
3.  Org. Logo Width/Height : (308/111)
4.  Organization Title     : SquirrelMail $version
5.  Signout Page           : 
6.  Top Frame              : _top
7.  Provider link          : http://squirrelmail.org/
8.  Provider name          : mail

R   Return to Main Menu
C   Turn color off
S   Save data
Q   Quit

Command >> 

--2
SquirrelMail Configuration : Read: config.php
Config version 1.4.0; SquirrelMail version unknown
---------------------------------------------------------
Server Settings

General
-------
1.  Domain                 : mail.jiwon.min.kh
2.  Invert Time            : false
3.  Sendmail or SMTP       : SMTP

SMTP Settings
-------------
4.   SMTP Server           : localhost
5.   SMTP Port             : 25
6.   POP before SMTP       : false
7.   SMTP Authentication   : none
8.   Secure SMTP (TLS)     : disabled
9.   Header encryption key : 

A.  Update IMAP Settings   : localhost:143 (other)
H.  Hide SMTP Settings

R   Return to Main Menu
C   Turn color off
S   Save data
Q   Quit

--B

--language
--Korean text gets garbled, so this is left unconfigured
SquirrelMail Configuration : Read: config.php
Config version 1.4.0; SquirrelMail version unknown
---------------------------------------------------------
Language preferences
1.  Default Language       : en_US
2.  Default Charset        : iso-8859-1
3.  Enable lossy encoding  : false

R   Return to Main Menu
C   Turn color off
S   Save data
Q   Quit

Command >> 

--------------------------------------------------------------------------------------
systemctl start dovecot
yum install telnet-server telnet
systemctl start telnet.socket

[root@squirrelmail-server config]# telnet localhost 110
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
quit
+OK Logging out
Connection closed by foreign host.


--Create users
[root@squirrelmail-server config]# useradd -m minjin -s /sbin/nologin
[root@squirrelmail-server config]# passwd minjin 
minjin 사용자의 비밀 번호 변경 중
새  암호:
잘못된 암호: 암호는 사전 검사에 실패했습니다  - 사전에 있는 단어를 기반으로 합니다  
새  암호 재입력:
passwd: 모든 인증 토큰이 성공적으로 업데이트 되었습니다.
[root@squirrelmail-server config]# useradd -m yyy -s /sbin/nologin
[root@squirrelmail-server config]# passwd yyy
yyy 사용자의 비밀 번호 변경 중
새  암호:
잘못된 암호: 암호는 사전 검사에 실패했습니다  - 사전에 있는 단어를 기반으로 합니다  
새  암호 재입력:
passwd: 모든 인증 토큰이 성공적으로 업데이트 되었습니다.

[root@squirrelmail-server ~]# firefox http://mail.jiwon.min.kh/webmail
--Temporary web browser access from a Windows client without DNS
In Notepad, go to File > Open, browse to C:\Windows\System32\drivers\etc, and
select All Files (*.*) from the drop-down menu next to the File name field.
Open the hosts file.
200.200.200.150 mail.pang.kh
Save and close.

 

Certificate generation and Postfix configuration

[root@postfix ~]# yum -y install postfix
[root@postfix ~]# vi /etc/hosts
192.168.146.100 mail.jiwon.kh
[root@postfix ~]# mkdir /etc/postfix/ssl
[root@postfix ~]# cd /etc/postfix/ssl
[root@postfix ssl]# yum -y install openssl
[root@squirrelmail-server ssl]# openssl genrsa -des3 -out rootCA.key 2048
Generating RSA private key, 2048 bit long modulus
...........+++
..+++
e is 65537 (0x10001)
Enter pass phrase for rootCA.key:				--enter P@ss0rd
Verifying - Enter pass phrase for rootCA.key:	--enter P@ss0rd

--Generate a certificate signed with the rootCA private key
[root@squirrelmail-server ssl]# openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 365 -out rootCA.pem
Enter pass phrase for rootCA.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:SEOUL
Locality Name (eg, city) [Default City]:JONGRO
Organization Name (eg, company) [Default Company Ltd]:KH
Organizational Unit Name (eg, section) []:CLOUD
Common Name (eg, your name or your server's hostname) []:KH
Email Address []:root@KH

[root@squirrelmail-server ssl]# ls
rootCA.key  rootCA.pem

--Convert the PEM file to a CRT-format certificate so clients can use it later
[root@squirrelmail-server ssl]# openssl x509 -outform der -in rootCA.pem -out rootCA.crt
[root@squirrelmail-server ssl]# ls
rootCA.crt  rootCA.key  rootCA.pem

--Generate the web server private key
[root@squirrelmail-server ssl]# openssl genrsa -out jiwon.min.kh.key 2048
Generating RSA private key, 2048 bit long modulus
.........+++
......................................................+++
e is 65537 (0x10001)

Generate a certificate signing request (CSR) signed with the private key
[root@squirrelmail-server ssl]# openssl req -new -key jiwon.min.kh.key -out jiwon.min.kh.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:SEOUL
Locality Name (eg, city) [Default City]:JONGRO
Organization Name (eg, company) [Default Company Ltd]:jiwon.mail.kh
Organizational Unit Name (eg, section) []:CLOUD
Common Name (eg, your name or your server's hostname) []:mail.jiwon.min.kh	--be sure to enter the FQDN of the mail address that is in DNS; it didn't work for me because of this..
Email Address []:root@jiwon.min.kh

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:        
An optional company name []:

Add the v3 extensions
[root@squirrelmail-server ssl]# vi jiwon.min.kh.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = mail.jiwon.min.kh		--here too, the mail address that is in DNS.. a must

--Generate the server certificate signed by the rootCA, with the v3 extensions added
[root@squirrelmail-server ssl]# openssl x509 -req -in jiwon.min.kh.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out jiwon.min.kh.crt -days 365 -sha256 -extfile jiwon.min.kh.ext
Signature ok
subject=/C=KR/ST=SEOUL/L=JONGRO/O=jiwon.mail.kh/OU=CLOUD/CN=mail.jiwon.min.kh/emailAddress=me@jiwon.min.kh
Getting CA Private Key
Enter pass phrase for rootCA.key:

--Verify the generated server certificate
[root@squirrelmail-server ssl]# openssl x509 -in jiwon.min.kh.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c4:97:4a:a1:b1:24:16:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=KR, ST=SEOUL, L=JONGRO, O=KH, OU=CLOUD, CN=KH/emailAddress=root@KH
        Validity
            Not Before: Apr  8 09:58:24 2024 GMT
            Not After : Apr  8 09:58:24 2025 GMT
        Subject: C=KR, ST=SEOUL, L=JONGRO, O=jiwon.mail.kh, OU=CLOUD, CN=mail.jiwon.min.kh/emailAddress=me@jiwon.min.kh
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:CF:93:27:64:21:39:F7:51:59:26:A1:2A:38:57:3D:48:07:65:66:78

            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 Subject Alternative Name: 
                DNS:mail.jiwon.min.kh
    Signature Algorithm: sha256WithRSAEncryption


[root@squirrelmail-server ssl]# vi /etc/httpd/conf.d/ssl.conf 
#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/postfix/ssl/jiwon.min.kh.crt	--modified

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/postfix/ssl/jiwon.min.kh.key	--modified

[root@squirrelmail-server ssl]# vi /etc/httpd/conf/httpd.conf
    SSLCertificateFile /etc/postfix/ssl/jiwon.min.kh.crt	--modified
    SSLCertificateKeyFile /etc/postfix/ssl/jiwon.min.kh.key	--modified

[root@squirrelmail-server ssl]# systemctl restart httpd
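
An added example (not from the original post): the same rootCA-to-server-certificate flow rebuilt non-interactively in a scratch directory, followed by the two checks a TLS client performs, chain verification and hostname match. The `make_chain`/`check_cert` names, the `server.*` file names and the one-day unencrypted keys are constructed for this example.

```shell
#!/bin/sh
# Added example: rebuild the rootCA -> server certificate chain in a scratch
# directory, then check it the way a TLS client would.

# make_chain DIR FQDN: constructed throwaway CA plus a leaf with SAN=FQDN.
make_chain() {
  dir=$1; fqdn=$2
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/O=KH/CN=KH" \
    -keyout "$dir/rootCA.key" -out "$dir/rootCA.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$fqdn" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$fqdn" \
    > "$dir/server.ext"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/rootCA.pem" \
    -CAkey "$dir/rootCA.key" -CAcreateserial -days 1 -sha256 \
    -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null
}

# check_cert CRT CAFILE HOST: prints ok, chain-fail or host-mismatch.
check_cert() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 \
    || { echo chain-fail; return 1; }
  openssl x509 -in "$1" -noout -checkhost "$3" 2>/dev/null \
    | grep -q 'does match' || { echo host-mismatch; return 1; }
  echo ok
}

tmp=$(mktemp -d)
make_chain "$tmp" mail.jiwon.min.kh
check_cert "$tmp/server.crt" "$tmp/rootCA.pem" mail.jiwon.min.kh      # name in SAN
check_cert "$tmp/server.crt" "$tmp/rootCA.pem" mail.jiwon.kh || true  # name not in SAN
rm -rf "$tmp"
```

On the server itself, `check_cert /etc/postfix/ssl/jiwon.min.kh.crt /etc/postfix/ssl/rootCA.pem mail.jiwon.min.kh` runs the same checks against the files created above.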

[root@squirrelmail-server config]# vi /etc/httpd/conf/httpd.conf 
<VirtualHost *:443>
    ServerName mail.jiwon.min.kh
    DocumentRoot /usr/share/squirrelmail

    SSLEngine on
    SSLCertificateFile /etc/postfix/ssl/jiwon.min.kh.crt
    SSLCertificateKeyFile /etc/postfix/ssl/jiwon.min.kh.key


    # Log paths changed arbitrarily from /var/log/httpd/error_log and /var/log/httpd/access_log
    ErrorLog /var/log/httpd/mail.jiwon.min.kh.error_log
    CustomLog /var/log/httpd/mail.jiwon.min.kh.access_log common

    <Directory /usr/share/squirrelmail>
        Options Indexes FollowSymLinks
        RewriteEngine On
        AllowOverride All
        DirectoryIndex index.php
        Require all granted
    </Directory>
</VirtualHost>


[root@squirrelmail-server ssl]# vi /etc/postfix/main.cf
myhostname = mail.jiwon.kh
mydomain = jiwon.kh
myorigin = $mydomain 
home_mailbox = mail/ 
mynetworks = 192.168.146.0/24 
inet_interfaces = all 
inet_protocols = all 
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain 
smtpd_sasl_type = dovecot 
smtpd_sasl_path = private/auth 
smtpd_sasl_local_domain = 
smtpd_sasl_security_options = noanonymous 
broken_sasl_auth_clients = yes 
smtpd_sasl_auth_enable = yes 
smtpd_recipient_restrictions =
 permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination 
smtp_tls_security_level = may 
smtpd_tls_security_level = may 
smtp_tls_note_starttls_offer = yes 
smtpd_tls_loglevel = 1 
smtpd_tls_key_file = /etc/postfix/ssl/server.key 
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt 
smtpd_tls_received_header = yes 
smtpd_tls_session_cache_timeout = 3600s 
tls_random_source = dev:/dev/urandom

[root@squirrelmail-server ssl]# nano /etc/postfix/master.cf

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp   	  inet  n      	-      	n      	-      	-      	smtpd
--Uncomment this section
submission inet n	  -	  n	  -	  -	  smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n	 -	 n	 -	 -	 smtpd
  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

--Save and exit nano
Press Ctrl + O, then Enter, to save
Press Ctrl + X to exit
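
An added check (not from the original post): in the master.cf above, `smtpd_sasl_auth_enable=yes` is active for submission and smtps while the `smtpd_tls_security_level=encrypt` and `smtpd_tls_wrappermode=yes` lines stay commented, so those services accept AUTH without mandatory TLS. The script lists such services; the function names and the embedded sample are constructed for this example.

```shell
#!/bin/sh
# Added example: list master.cf services whose -o overrides enable SASL AUTH
# without an active override that forces TLS first. Global main.cf settings
# are out of scope here.

# Constructed sample: the submission/smtps entries as shown above.
sample_master_cf() {
cat <<'EOF'
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
EOF
}

# Reads master.cf text on stdin, prints one unprotected service per line.
audit_master_cf() {
  awk '
    function report() { if (svc != "" && sasl && !tls) print svc }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # commented-out overrides are inactive
    /^[^ \t]/ { report(); svc = $1; sasl = 0; tls = 0 }   # new service entry
    {
      for (i = 1; i <= NF; i++) {
        if ($i == "smtpd_sasl_auth_enable=yes") sasl = 1
        if ($i == "smtpd_tls_security_level=encrypt") tls = 1
        if ($i == "smtpd_tls_wrappermode=yes") tls = 1
        if ($i == "smtpd_tls_auth_only=yes") tls = 1
      }
    }
    END { report() }
  '
}

sample_master_cf | audit_master_cf
```

Run it on the live file with `audit_master_cf < /etc/postfix/master.cf`; an empty result means every service that enables AUTH through an override also forces TLS.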

[root@postfix ssl]# yum -y install dovecot

--Uncomment, then add
[root@postfix ssl]# vi /etc/dovecot/conf.d/10-master.conf 
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }

[root@postfix ssl]# nano /etc/dovecot/conf.d/10-auth.conf 
# Space separated list of wanted authentication mechanisms: 
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey 
# gss-spnego 
# NOTE: See also disable_plaintext_auth setting. 
auth_mechanisms = plain

[root@postfix ssl]# vi /etc/dovecot/conf.d/10-mail.conf 
mail_location = maildir:~/mail
--Uncomment
[root@postfix ~]# vi /etc/dovecot/conf.d/20-pop3.conf 
pop3_uidl_format = %08Xu%08Xv

--Restart Postfix and Dovecot so the configuration files take effect, and register them as services so they start automatically when the system reboots
[root@postfix ~]# systemctl restart postfix
[root@postfix ~]# systemctl enable postfix
[root@postfix ~]# systemctl restart dovecot
[root@postfix ~]# systemctl enable dovecot
Created symlink from /etc/systemd/system/multi-user.target.wants/dovecot.service to /usr/lib/systemd/system/dovecot.service.
[root@squirrelmail-server config]# telnet mail.jiwon.min.kh smtp
Trying 192.168.146.202...
Connected to mail.jiwon.min.kh.
Escape character is '^]'.
220 mail.jiwon.min.kh ESMTP Postfix
ehlo mail.jiwon.min.kh
250-mail.jiwon.min.kh
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

mail from:jiwon@mail.jiwon.min.kh
250 2.1.0 Ok
rcpt to:minjin@mail.jiwon.min.kh
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>

^]      <- ctrl + ]

telnet> quit
Connection closed.