Verifying Mail Server Encryption
Ports
Protocol | Common name | Service name | Port |
---|---|---|---|
POP | POP3 | pop3 | 110 |
POP over SSL/TLS | POP3S | pop3s | 995 |
IMAP | IMAP4 | imap | 143 |
IMAP over SSL/TLS | IMAP4S | imaps | 993 |
SMTP | | smtp | 25 |
Message Submission | | smtp-submission | 587 |
SMTP over SSL | SMTPS | smtps | 465 |
firewalld
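# Brace expansion yields --add-service=pop3 --add-service=pop3s --add-service=smtp --add-service=smtps
firewall-cmd --permanent --add-service={pop3,smtp}{,s} && firewall-cmd --reload
# Brace expansion yields --add-service=imap --add-service=imaps --add-service=smtp --add-service=smtps
firewall-cmd --permanent --add-service={imap,smtp}{,s} && firewall-cmd --reload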
Verifying IMAP over SSL (IMAPS)
Connect to port 993 with openssl s_client.
openssl s_client -connect mail.example.jp:993
Example output
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = mail.example.jp
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.jp
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
...(snip)...
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.jp
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 5149 bytes and written 437 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: BA3614B7D3F083EC223AB222AB6AE383718B4E2535730BE18743BD47D0487B14
Session-ID-ctx:
Master-Key: D8D282CB2254BE31EB24D6F5541DF27A41327ACB646D992AA20121E5F1062C403AF7C86CE52AC69BE5DAF688499A0EDD
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - be d8 66 e4 42 12 0a 35-11 12 35 a7 cf 65 cc 94 ..f.B..5..5..e..
...(snip)...
0090 - a5 b1 3e e9 ae e8 c9 a9-41 71 86 e5 e2 34 e0 48 ..>.....Aq...4.H
Start Time: 1470415848
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
Example input
a login [email protected] P@assw0rd
Example output
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
Example input
a namespace
Example output
* NAMESPACE (("" ".")) NIL NIL
a OK Namespace completed.
Example input
a list "" "*"
Example output
* LIST (\HasNoChildren) "." "Trash"
* LIST (\HasNoChildren) "." "INBOX"
* LIST (\HasNoChildren) "." "Sent"
* LIST (\HasNoChildren) "." "Drafts"
* LIST (\HasNoChildren) "." "Sent Items"
a OK List completed.
Example input
a select inbox
Example output
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk $NotJunk)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk $NotJunk \*)] Flags permitted.
* 1 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1446412932] UIDs valid
* OK [UIDNEXT 906] Predicted next UID
* OK [HIGHESTMODSEQ 1285] Highest
a OK [READ-WRITE] Select completed.
Example input
a search all
Example output
* SEARCH 1
a OK Search completed (0.000 secs).
Example input
a fetch 1 full
Example output
* 1 FETCH (FLAGS () INTERNALDATE "16-Sep-2016 00:00:00 +0900" RFC822.SIZE 14203 ENVELOPE ("Fri, 16 Sep 2016 00:00:00 -0700" "DOC_4258" (("Della" NIL "Della57" "example.jp")) (("Della" NIL "Della57" "example.jp")) (("Della" NIL "Della57" "example.jp")) (("[email protected]" NIL "user" "example.jp")) NIL NIL NIL "<[email protected]>") BODY (("text" "plain" ("charset" "us-ascii") "<[email protected]>" NIL "quoted-printable" 4 2)("application" "zip" ("name" "DOC_4258.zip") "<[email protected]>" "DOC_4258.zip" "base64" 12696) "mixed"))
a OK Fetch completed.
Example input
a logout
Example output
* BYE Logging out
a OK Logout completed.
closed
POP3 over SSL (POP3S)
Connect to port 995 with openssl s_client.
openssl s_client -connect mail.example.jp:995
Example output
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = mail.example.jp
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.jp
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
...(snip)...
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.jp
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 5149 bytes and written 437 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: 078046975542568EE9D0F53D9C9F21DA11F16E936B13E0FB6A6479662A03D9F6
Session-ID-ctx:
Master-Key: 09246D1C31A97EB0E15B1C9A5A265780940D6EE31A752A5BB5DF061CAE848819EC5C2391A5469C34BA96B44C204F988A
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - dd a6 23 3b 32 f3 b5 fc-b5 7b b5 0c 36 12 b1 8f ..#;2....{..6...
...(snip)...
0090 - 9c cd 3f 08 5b 9c 7e 3e-e0 59 36 d4 7e c8 9d 72 ..?.[.~>.Y6.~..r
Start Time: 1470416899
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
+OK Dovecot ready.
Example input
user [email protected] P@ssw0rd
Example output
+OK
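Both sample transcripts above report Server Temp Key: DH, 1024 bits next to Verify return code: 0 (ok), so a passing certificate check alone does not show that every negotiated parameter is strong. The script below is an added example, not part of the original article: it audits an s_client transcript from either the IMAPS or the POP3S check. The function names and the thresholds (TLSv1.2 or later, DH temp key of at least 2048 bits) are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit an `openssl s_client` transcript read from stdin.
# Prints one PASS/FAIL line per check; returns non-zero if any check fails.
# Assumed thresholds: TLSv1.2 or later, finite-field DH temp key >= 2048 bits.
audit_s_client() {
    awk '
    { sub(/^[ \t]+/, "") }   # strip the indentation s_client adds
    /^Verify return code:/ && !verified {
        verified = 1
        if ($4 == 0) print "PASS verify: chain validated"
        else { print "FAIL verify: code " $4; bad = 1 }
    }
    /^Protocol *:/ && !proto {
        proto = 1
        if ($NF ~ /^TLSv1\.[23]$/) print "PASS protocol: " $NF
        else { print "FAIL protocol: " $NF; bad = 1 }
    }
    /^Server Temp Key:/ {
        kind = $4; sub(/,$/, "", kind); bits = $(NF - 1) + 0
        if (kind == "DH" && bits < 2048) {
            print "FAIL temp-key: DH " bits " bits (below 2048)"; bad = 1
        } else print "PASS temp-key: " kind " " bits " bits"
    }
    END {
        if (!verified) { print "FAIL verify: no result in transcript"; bad = 1 }
        if (!proto) { print "FAIL protocol: not reported"; bad = 1 }
        exit bad + 0
    }'
}

# Excerpt of the sample IMAPS output shown on this page.
page_sample() {
    cat <<'EOF'
Server Temp Key: DH, 1024 bits
Protocol : TLSv1.2
Verify return code: 0 (ok)
EOF
}

# Live use (host from the page):
#   openssl s_client -connect mail.example.jp:993 </dev/null 2>/dev/null | audit_s_client
page_sample | audit_s_client || echo "transcript has failing checks"
```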
Author And Source
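For more on this topic (Verifying Mail Server Encryption), see https://qiita.com/bezeklik/items/4cbb6920f7b740289ed6. Author attribution: the original author's information is given at the original URL. Copyright belongs to the original author.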