2018-08-20 15:16:35    2018-08-20 15:16:35   

postfix 邮件服务器 Roundcube Roundcubemail
## 这里介绍两种加密方法:Roundcubemail自带的PGP插件加密和第三方插件Mailvelope加密 ### 一、Roundcubemail自带的PGP插件加密 #### 配置发件人的签名信息 ![](https://image.ynotes.cn/18-8-20/52424548.jpg)    #### 配置PGP密钥对 ![](https://image.ynotes.cn/18-8-20/12310155.jpg)    #### 设置PGP私钥密码 ![](https://image.ynotes.cn/18-8-20/51664035.jpg)    #### 生成了密钥对 ![](https://image.ynotes.cn/18-8-20/56071063.jpg)    #### 设置加密选项 ![](https://image.ynotes.cn/18-8-20/88918582.jpg)    #### 发送公钥给test01 ![](https://image.ynotes.cn/18-8-20/92981185.jpg) ![](https://image.ynotes.cn/18-8-20/41683578.jpg)    #### test01收到公钥并添加到公钥(test01的密钥对的生成跟前面的test02操作一样) ![](https://image.ynotes.cn/18-8-20/13807193.jpg)    #### test02\@unotes.co的公钥已经添加成功 ![](https://image.ynotes.cn/18-8-20/97274363.jpg)    #### test01使用test02的公钥加密发送邮件给test02(只有拥有该公钥所对应的私钥的用户才能解密) ![](https://image.ynotes.cn/18-8-20/88244155.jpg) ![](https://image.ynotes.cn/18-8-20/64025748.jpg)    #### test01需输入密码,对该邮件进行签名 ![](https://image.ynotes.cn/18-8-20/55239850.jpg)    #### test02收到了test01的加密邮件 ![](https://image.ynotes.cn/18-8-20/89570053.jpg) #### 如果test02使用了没有私钥的客户端foxmail打开,是看不到加密邮件的真实内容 ![](https://image.ynotes.cn/18-8-20/75606557.jpg)    ### 二、第三方插件Mailvelope加密 浏览器需要安装Mailvelope扩展插件 ![](https://image.ynotes.cn/18-8-20/22598679.jpg) **firefox:** `https://download.mailvelope.com/releases/latest/mailvelope.firefox.xpi` **chrome:** `https://chrome.google.com/webstore/detail/kajibbejlbohfaggdiogboambcijhkke`       #### 安装扩展完成,之后浏览器上会有个小锁图标 ![](https://image.ynotes.cn/18-8-20/71417391.jpg)      #### 这里测试chrome登录test01的邮箱,火狐登录test02的邮箱 #### 激活当前域名的开启Mailvelope ![](https://image.ynotes.cn/18-8-20/68133310.jpg) ![](https://image.ynotes.cn/18-8-20/61285170.jpg)    #### 添加成功后,发送邮件页面会多一个加密图标 ![](https://image.ynotes.cn/18-8-20/83700494.jpg)    #### 导入双方的公私钥 #### chrome的Mailvelope导入test01的私钥以及test02的公钥 ![](https://image.ynotes.cn/18-8-20/92526057.jpg) ![](https://image.ynotes.cn/18-8-20/61774999.jpg)    #### firefox的Mailvelope导入test02的私钥以及test01的公钥 ![](https://image.ynotes.cn/18-8-20/64105510.jpg)    #### 测试test01给test02发送一份通过Mailvelope加密的邮件 ![](https://image.ynotes.cn/18-8-20/954079.jpg)    #### test02收到加密的邮件,通过私钥自动解密 ![](https://image.ynotes.cn/18-8-20/12330240.jpg)    #### 如果test02使用了没有私钥的客户端foxmail打开,是看不到加密邮件的真实内容 ![](https://image.ynotes.cn/18-8-20/19852859.jpg)
阅读 126 评论 0 收藏 0
阅读 126
评论 0
收藏 0

   2018-08-19 19:17:36    2018-08-19 19:17:36   

postfix 邮件服务器 Roundcube Roundcubemail
### Roundcubemail介绍   *RoundCube Webmail是一个基于浏览器,支持多国语言的IMAP客户端,操作界面看起像一个桌面应用程序   它提供一个e-mail客户端应该具备的所有功能包括MIME支持,地址薄,文件夹操作,信息搜索和拼写检查。RoundCube Webmail采用PHP+Ajax开发并且需要MySQL数据库来存储数据。 用户界面采用XHTML+CSS2设计。*    ### 安装LAMP 参考[邮件服务器之postfix+dovecot+postfixadmin+TLS](https://ynotes.cn/blog/article_detail/143)中的`LAMP`部分          ### 安装Roundcubemail(1.3.7版本) 下载地址: `https://roundcube.net/` ```bash $ wget https://github.com/roundcube/roundcubemail/releases/download/1.3.7/roundcubemail-1.3.7-complete.tar.gz $ tar -xf roundcubemail-1.3.7-complete.tar.gz -C /var/www/html/ $ cd /var/www/html/ $ mv roundcubemail-1.3.7 webmail ``` ### 浏览器访问`http://roundcube_server_ip/webmail/installer/` ![](https://image.ynotes.cn/18-8-19/59318596.jpg) ![](https://image.ynotes.cn/18-8-19/30786452.jpg) 上面提示时区没有配置 ```bash $ vim /etc/php.ini ``` ``` date.timezone = Asia/Shanghai ``` ![](https://image.ynotes.cn/18-8-19/95449628.jpg) ![](https://image.ynotes.cn/18-8-19/52171862.jpg) ![](https://image.ynotes.cn/18-8-19/72514419.jpg) ![](https://image.ynotes.cn/18-8-19/35096279.jpg) ![](https://image.ynotes.cn/18-8-19/39801531.jpg) ![](https://image.ynotes.cn/18-8-19/35432756.jpg) ![](https://image.ynotes.cn/19-2-23/12425125.jpg)          ### 配置插件 ```bash $ vim /var/www/html/webmail/config/config.inc.php ``` ``` $config['smtp_user'] = '%u'; $config['smtp_pass'] = '%p'; $config['product_name'] = 'unotes.co Webmail'; $config['plugins'] = array('attachment_reminder', 'autologon', 'emoticons', 'enigma', 'filesystem_attachments', 'markasjunk', 'newmail_notifier', 'password', 'show_additional_headers', 'userinfo', 'virtuser_file','virtuser_query', 'zipdownload'); $config['password_dovecotpw'] = '/usr/bin/doveadm pw'; $config['password_dovecotpw_method'] = 'CRAM-MD5'; $config['password_dovecotpw_with_method'] = false; $config['password_force_new_user'] = true; $config['password_driver'] = 'sql'; //下面配置postfix库的访问账号 $config['password_db_dsn'] = 'mysql://username:password@localhost/postfix'; ```    ### 添加automatic_addressbook插件(自动补全已发送过的邮件地址) #### 安装插件 ```bash $ cd /var/www/html/webmail/plugins $ wget https://github.com/sblaisot/automatic_addressbook/archive/master.zip $ tar xvf master.zip $ rm master.zip $ mv automatic_addressbook-master automatic_addressbook $ chown -R apache.apache automatic_addressbook ``` #### 添加插件相关的表 ```bash mysql>use roundcubemail; mysql>source automatic_addressbook/SQL/mysql.initial.sql; ``` #### 修改config配置 ```bash $ vim /var/www/html/webmail/config/config.inc.php ``` ``` $config['plugins'] = array('attachment_reminder', 'autologon', 'emoticons', 'enigma', 'automatic_addressbook', 'filesystem_attachments', 'markasjunk', 'newmail_notifier', 'password', 'show_additional_headers', 'userinfo', 'virtuser_file','virtuser_query', 'zipdownload'); ``` #### 重启服务 ```bash $ /etc/init.d/httpd restart ```    ### 登录webmail `http://mail.unotes.co/webmail` ![](https://image.ynotes.cn/18-8-19/78965000.jpg)    ### 配置SSL 增加ssl.conf ```bash /etc/httpd/conf.d/ssl.conf ``` ``` <VirtualHost *:80> ServerName mail.unotes.co RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R] </VirtualHost> ``` ``` LoadModule ssl_module modules/mod_ssl.so Listen 443 SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 SSLMutex default SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin <VirtualHost _default_:443> DocumentRoot "/var/www/html" ServerName mail.unotes.co SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl/mail.unotes.co.crt SSLCertificateKeyFile /etc/httpd/conf/ssl/mail.unotes.co.key SSLCertificateChainFile /etc/httpd/conf/ssl/ca.crt ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLProtocol all -SSLv2 SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> ``` 重定向80->443 ```bash $ vim /etc/httpd/conf/httpd.conf ``` 拷贝证书到/etc/httpd/conf/ssl ```bash $ cp /etc/postfix/ssl/* /etc/httpd/conf/ssl ``` 重启服务 ```bash $ /etc/init.d/httpd restart ``` 访问 `https://mail.unotes.co/webmail/` ![](https://image.ynotes.cn/18-8-19/74998541.jpg)
阅读 198 评论 0 收藏 0
阅读 198
评论 0
收藏 0