Deploying a TLS-encrypted mail server

2022-03-23  zoushiwen

Set up the Docker environment

  1. Install docker-compose

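Deploy mailserver

  1. Download the deployment tooling
DMS_GITHUB_URL='https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master'
wget "${DMS_GITHUB_URL}/docker-compose.yml"
wget "${DMS_GITHUB_URL}/mailserver.env"
wget "${DMS_GITHUB_URL}/setup.sh"
chmod a+x ./setup.sh
  2. Create the email login users
Run ./setup.sh help for usage information.
Add two users:
./setup.sh email add admin@example.com 123456
./setup.sh email add client@example.com 123456
List the users that were added:
./setup.sh email list
* admin@example.com ( 0 / ~ ) [0%]
* client@example.com ( 3.0K / ~ ) [0%]
  3. Generate the TLS certificate
    Generate the private key with openssl:
# 2048 bits rather than 1024: 1024-bit RSA keys are too weak for TLS
openssl genrsa -out private.key 2048

Generate the certificate signing request (CSR) from the private key:

openssl req -new -key private.key -out server.csr

Enter the requested information at the command-line prompts.
Then sign the CSR with the same private key to produce the (self-signed) certificate:

openssl x509 -req -in server.csr -out public.crt -signkey private.key -days 3650

This produces a certificate file valid for 10 years, which is sufficient for services on your own internal network.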

Configure the certificate in docker-compose.yml

  1. Copy the certificate and key to the target directory
mkdir -p ./docker-data/dms/custom-certs/
cp public.crt ./docker-data/dms/custom-certs/
cp private.key ./docker-data/dms/custom-certs/
  2. Edit docker-compose.yml
...
    volumes:
      - ./docker-data/dms/mail-data/:/var/mail/
      - ./docker-data/dms/mail-state/:/var/mail-state/
      - ./docker-data/dms/mail-logs/:/var/log/mail/
      - ./docker-data/dms/config/:/tmp/docker-mailserver/
      - ./docker-data/dms/custom-certs/:/tmp/dms/custom-certs/:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - SSL_TYPE=manual
      - SSL_CERT_PATH=/tmp/dms/custom-certs/public.crt
      - SSL_KEY_PATH=/tmp/dms/custom-certs/private.key
...
  3. Start mailserver
docker-compose pull
docker-compose down
docker-compose up -d mailserver

Testing with Go code

  1. Add a local hostname entry
vim /etc/hosts
yourIPAddress mail.example.com

Email library: jordan-wright/email

package main

import (
	"crypto/tls"
	"log"
	"net/smtp"

	"github.com/jordan-wright/email"
)

func main() {
	e := email.NewEmail()
	e.From = "admin@example.com"
	e.To = []string{"client@example.com"}
	e.Subject = "Awesome Subject"
	e.Text = []byte("Text Body is, of course, supported!")
	e.HTML = []byte("<h1>Fancy HTML is supported, too!</h1>")
	// Port 465 is SMTP over implicit TLS: the TLS handshake happens before any SMTP command.
	if err := e.SendWithTLS("mail.example.com:465",
		smtp.PlainAuth("", "admin@example.com", "123456", "mail.example.com"),
		&tls.Config{
			// The certificate is self-signed, so verification is skipped here.
			// With this setting the client accepts any certificate the server presents.
			InsecureSkipVerify: true,
			ServerName:         "mail.example.com",
		}); err != nil {
		log.Fatal(err)
	}
}
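
The test client above sets InsecureSkipVerify: true, so it would send the account password to any server that answers on port 465. The following added example (not part of the original post or of the jordan-wright/email project) builds a tls.Config that accepts only the exact certificate stored in public.crt; pinnedTLSConfig and sampleConn are hypothetical names, and sampleConn generates a constructed certificate in place of the real public.crt so the example runs on its own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// pinnedTLSConfig accepts only the exact certificate in certPEM (public.crt).
func pinnedTLSConfig(certPEM []byte, serverName string) (*tls.Config, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("no CERTIFICATE block in PEM input")
	}
	want := sha256.Sum256(block.Bytes)
	return &tls.Config{
		ServerName:         serverName,
		InsecureSkipVerify: true, // no chain check; VerifyConnection still runs and decides
		VerifyConnection: func(cs tls.ConnectionState) error {
			if len(cs.PeerCertificates) == 0 || sha256.Sum256(cs.PeerCertificates[0].Raw) != want {
				return fmt.Errorf("server certificate does not match the pin")
			}
			return nil
		},
	}, nil
}

// sampleConn is constructed demo input (errors ignored): a fresh self-signed cert as seen by a client, and its PEM.
func sampleConn() (tls.ConnectionState, []byte) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	cert, _ := x509.ParseCertificate(der)
	return tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert}},
		pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	good, pin := sampleConn()
	rogue, _ := sampleConn()
	cfg, _ := pinnedTLSConfig(pin, "mail.example.com")
	fmt.Println(cfg.VerifyConnection(good), cfg.VerifyConnection(rogue))
}
```

In the test client, read public.crt with os.ReadFile, pass its contents to pinnedTLSConfig, and hand the returned config to e.SendWithTLS in place of the inline tls.Config.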

Add a mail client

Either Foxmail or the built-in macOS Mail app works.

