{"id":765,"date":"2024-09-20T15:09:56","date_gmt":"2024-09-20T12:09:56","guid":{"rendered":"https:\/\/greenhouse.cv.ua\/?p=765"},"modified":"2024-09-24T11:55:17","modified_gmt":"2024-09-24T08:55:17","slug":"postfix-and-dovecot-ssl-cert","status":"publish","type":"post","link":"https:\/\/greenhouse.cv.ua\/?p=765","title":{"rendered":"Postfix and Dovecot ssl cert"},"content":{"rendered":"\n

\u0412\u0438\u043d\u0438\u043a\u043b\u043e \u043f\u0438\u0442\u0430\u043d\u043d\u044f \u043f\u0456\u0434\u0442\u0440\u0438\u043c\u043a\u0438 \u0440\u0456\u0437\u043d\u0438\u0445 \u0441\u0435\u0440\u0442\u0438\u0444\u0456\u043a\u0430\u0442\u0456\u0432 \u0434\u043b\u044f \u0440\u0456\u0437\u043d\u0438\u0445 \u0434\u043e\u043c\u0435\u043d\u0456\u0432. \u0406 \u044f\u043a \u0432\u0438\u044f\u0432\u0438\u043b\u043e\u0441\u044c – \u0446\u0435 \u043c\u043e\u0436\u043b\u0438\u0432\u043e. \u041e\u0442\u043e\u0436 \u0434\u0430\u043b\u0456 \u043f\u0440\u0438\u043a\u043b\u0430\u0442\u0438 \u043a\u043e\u043d\u0444\u0456\u0433\u0443\u0440\u0430\u0446\u0456\u0457:<\/p>\n\n\n\n

Postfix<\/strong><\/p>\n\n\n\n

----- main.cf -----\n# provide the primary certificate for the server, to be used for outgoing connections\nsmtpd_tls_chain_files =\n \/etc\/letsencrypt\/live\/servername.serverdom.com\/privkey.pem,\n \/etc\/letsencrypt\/live\/servername.serverdom.com\/fullchain.pem\n\n# provide the map to be used when SNI support is enabled\ntls_server_sni_maps = hash:\/etc\/postfix\/vmail_ssl.map\n-----\n<\/code><\/pre>\n\n\n\n
----- \/etc\/postfix\/vmail_ssl.map -----\n# Compile with postmap -F hash:\/etc\/postfix\/vmail_ssl.map when updating\n# One host per line\n\nservername.serverdom.com \n \/etc\/letsencrypt\/live\/servername.serverdom.com\/privkey.pem \n \/etc\/letsencrypt\/live\/servername.serverdom.com\/fullchain.pem\n\nservername.otherdom.com \n \/etc\/letsencrypt\/live\/servername.otherdom.com\/privkey.pem \n \/etc\/letsencrypt\/live\/servername.otherdom.com\/fullchain.pem<\/code><\/pre>\n\n\n\n
\u041f\u0456\u0441\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0454\u043c\u043e<\/p>\n\n\n\n
$ postmap -F hash:\/etc\/postfix\/vmail_ssl.map<\/code><\/p>\n\n\n\n
\u041f\u0435\u0440\u0435\u0432\u0430\u043d\u0442\u0430\u0436\u0443\u0454\u043c\u043e postfix<\/code><\/p>\n\n\n\n
\u041f\u0435\u0440\u0435\u0432\u0456\u0440\u043a\u0430<\/p>\n\n\n\n
\n
$ openssl s_client -connect localhost:25 -servername servername.otherdom.com -starttls smtp<\/code><\/p>\n\n\n\n
$ openssl s_client -connect localhost:25 -servername servername.serverdom.com -starttls smtp<\/code><\/p>\n<\/div>\n\n\n\n
\u0429\u043e\u0431 \u043f\u0435\u0440\u0435\u0432\u0456\u0440\u0438\u0442\u0438: \u0432\u0438 \u0437\u043d\u0430\u0439\u0434\u0435\u0442\u0435 \u0456\u043c\u2019\u044f \u0445\u043e\u0441\u0442\u0430 \u043f\u0456\u0434 \u0434\u0435\u0442\u0430\u043b\u044f\u043c\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0456\u043a\u0430\u0442\u0430. \u0412\u043e\u043d\u043e \u0432\u0456\u0434\u043f\u043e\u0432\u0456\u0434\u0430\u0442\u0438\u043c\u0435 \u0442\u0438\u043f\u043e\u0432\u043e\u043c\u0443 \u0456\u043c\u0435\u043d\u0456 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0445\u043e\u0441\u0442\u0443, \u044f\u043a\u0449\u043e \u0437\u0431\u0456\u0433\u0443 \u043d\u0435\u043c\u0430\u0454. \u0417 \u0446\u0456\u0454\u0457 \u043f\u0440\u0438\u0447\u0438\u043d\u0438 \u043f\u0435\u0440\u0435\u043a\u043e\u043d\u0430\u0439\u0442\u0435\u0441\u044f, \u0449\u043e \u0456\u043c\u2019\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0445\u043e\u0441\u0442\u0430 \u0454 \u0443 \u0444\u0430\u0439\u043b\u0456 \u043a\u0430\u0440\u0442\u0438.<\/p>\n\n\n\n
\n\n\n\n
Dovecot<\/strong><\/p>\n\n\n\n
# Default\nssl_cert = <\/path\/to\/default\/cert\nssl_key = <\/path\/to\/default\/private\/key\n\n# mail.example.it\nlocal_name mail.example.it {\n    ssl_cert = <\/etc\/letsencrypt\/live\/mail.example.it\n    ssl_key = <\/path\/to\/mail.example.it\/private\/key\n}\n\n# mail.example.com\nlocal_name mail.example.com {\n    ssl_cert = <\/etc\/letsencrypt\/live\/mail.example.com\n    ssl_key = <\/path\/to\/mail.example.com\/private\/key\n}<\/code><\/pre>\n\n\n\n
\u041f\u0435\u0440\u0435\u0432\u0430\u043d\u0442\u0430\u0436\u0443\u0454\u043c \u0456 \u043a\u043e\u0440\u0438\u0441\u0442\u0443\u0454\u043c\u043e\u0441\u044c<\/p>\n","protected":false},"excerpt":{"rendered":"
\u0412\u0438\u043d\u0438\u043a\u043b\u043e \u043f\u0438\u0442\u0430\u043d\u043d\u044f \u043f\u0456\u0434\u0442\u0440\u0438\u043c\u043a\u0438 \u0440\u0456\u0437\u043d\u0438\u0445 \u0441\u0435\u0440\u0442\u0438\u0444\u0456\u043a\u0430\u0442\u0456\u0432 \u0434\u043b\u044f \u0440\u0456\u0437\u043d\u0438\u0445 \u0434\u043e\u043c\u0435\u043d\u0456\u0432. \u0406 \u044f\u043a \u0432\u0438\u044f\u0432\u0438\u043b\u043e\u0441\u044c – \u0446\u0435 \u043c\u043e\u0436\u043b\u0438\u0432\u043e. \u041e\u0442\u043e\u0436 \u0434\u0430\u043b\u0456 \u043f\u0440\u0438\u043a\u043b\u0430\u0442\u0438 \u043a\u043e\u043d\u0444\u0456\u0433\u0443\u0440\u0430\u0446\u0456\u0457: Postfix \u041f\u0456\u0441\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0454\u043c\u043e $ postmap -F hash:\/etc\/postfix\/vmail_ssl.map . . .<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[7,9,1],"tags":[],"class_list":["post-765","post","type-post","status-publish","format-standard","hentry","category-linux","category-comunications","category-1"],"aioseo_notices":[],"featured_image_src":null,"author_info":{"display_name":"Bernyk Dmytro","author_link":"https:\/\/greenhouse.cv.ua\/?author=2"},"_links":{"self":[{"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=\/wp\/v2\/posts\/765","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=765"}],"version-history":[{"count":4,"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=\/wp\/v2\/posts\/765\/revisions"}],"predecessor-version":[{"id":774,"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=\/wp\/v2\/posts\/765\/revisions\/774"}],"wp:attachment":[{"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=765"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/greenhouse.cv.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}