\uc774 \uae00\uc5d0\uc11c\ub294 \uc55e\uc11c \uad6c\ucd95\ud55c Postfix \uba54\uc77c \uc11c\ubc84\uc5d0 TLS\/SSL \uc554\ud638\ud654\ub97c \uc801\uc6a9\ud558\uc5ec \uba54\uc77c \uc804\uc1a1\uc758 \ubcf4\uc548\uc744 \uac15\ud654\ud558\ub294 \ubc29\ubc95\uc744 \ub2e4\ub8f9\ub2c8\ub2e4. Let’s Encrypt \uc778\uc99d\uc11c\ub97c \uc0ac\uc6a9\ud558\uc5ec \ubb34\ub8cc\ub85c SSL \uc778\uc99d\uc11c\ub97c \uc801\uc6a9\ud558\uaca0\uc2b5\ub2c8\ub2e4.<\/p>\n
\uc0ac\uc124 \uc778\uc99d\uc11c\ub294 \uc678\ubd80 \uba54\uc77c\uc11c\ubc84\uc5d0\uc11c \uac70\ubd80\ub420 \uc218 \uc788\uc73c\ubbc0\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.<\/p>\n
\uba54\uc77c \uc11c\ubc84\uc5d0\uc11c TLS\/SSL\uc740 \ub2e4\uc74c\uacfc \uac19\uc740 \ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ub429\ub2c8\ub2e4:<\/p>\n
# OpenSSL\uc774 \ucd5c\uc2e0 \ubc84\uc804\uc778\uc9c0 \ud655\uc778\nsudo apt update\nsudo apt install openssl ca-certificates -y<\/code><\/pre>\n2. Postfix \uba54\uc778 \uc124\uc815 \ud30c\uc77c \uc218\uc815<\/h3>\nsudo vi \/etc\/postfix\/main.cf\n......\nsmtpd_tls_cert_file = \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\nsmtpd_tls_key_file = \/etc\/letsencrypt\/live\/example.com\/privkey.pem\n\nsmtpd_tls_security_level = may\nsmtp_tls_security_level = may\n\nsmtpd_tls_auth_only = yes\n......<\/code><\/pre>\n3. Postfix Master \uc124\uc815 \ud30c\uc77c \uc218\uc815<\/h3>\n
submission(\ud3ec\ud2b8 587)\uacfc smtps(\ud3ec\ud2b8 465)\ub97c \uc704\ud55c \uc124\uc815\uc744 \ucd94\uac00\ud569\ub2c8\ub2e4:<\/p>\n
sudo vi \/etc\/postfix\/master.cf\n......\nsubmission inet n - y - - smtpd\n -o smtpd_tls_security_level=encrypt\n -o smtpd_sasl_auth_enable=yes\n\nsmtps inet n - y - - smtpd\n -o smtpd_tls_wrappermode=yes\n -o smtpd_sasl_auth_enable=yes\n......<\/code><\/pre>\n4. \ubc29\ud654\ubcbd \uc124\uc815 \uc5c5\ub370\uc774\ud2b8<\/h3>\n
SMTPS\uc640 Submission \ud3ec\ud2b8\ub97c \uc5f4\uc5b4\uc90d\ub2c8\ub2e4:<\/p>\n
# \ud3ec\ud2b8 587 (Submission) \uc5f4\uae30\nsudo ufw allow 587\/tcp\n\n# \ud3ec\ud2b8 465 (SMTPS) \uc5f4\uae30\nsudo ufw allow 465\/tcp\n\n# \ud604\uc7ac \uc5f4\ub9b0 \ud3ec\ud2b8 \ud655\uc778\nsudo ufw status<\/code><\/pre>\n\uc778\uc99d\uc11c \uad8c\ud55c \uc124\uc815<\/h2>\n1. Postfix\uac00 \uc778\uc99d\uc11c\uc5d0 \uc811\uadfc\ud560 \uc218 \uc788\ub3c4\ub85d \uad8c\ud55c \uc124\uc815<\/h3>\n# postfix \uc0ac\uc6a9\uc790\ub97c ssl-cert \uadf8\ub8f9\uc5d0 \ucd94\uac00\nsudo usermod -a -G ssl-cert postfix\n\n# \uc778\uc99d\uc11c \ub514\ub809\ud1a0\ub9ac \uad8c\ud55c \ud655\uc778\nsudo ls -la \/etc\/letsencrypt\/live\/example.com\/<\/code><\/pre>\n2. \uc124\uc815 \uac80\uc99d \ubc0f \uc11c\ube44\uc2a4 \uc7ac\uc2dc\uc791<\/h3>\n# Postfix \uc124\uc815 \uac80\uc99d\nsudo postfix check\n\n# \ubb38\uc81c\uac00 \uc5c6\ub2e4\uba74 \uc11c\ube44\uc2a4 \uc7ac\uc2dc\uc791\nsudo systemctl restart postfix\n\n# \uc11c\ube44\uc2a4 \uc0c1\ud0dc \ud655\uc778\nsudo systemctl status postfix<\/code><\/pre>\nTLS \uc5f0\uacb0 \ud14c\uc2a4\ud2b8<\/h2>\n# SMTP \ud3ec\ud2b8 25 TLS \uc9c0\uc6d0 \ud655\uc778\nopenssl s_client -connect mail.example.com:25 -starttls smtp\n\n# Submission \ud3ec\ud2b8 587 TLS \uc5f0\uacb0 \ud14c\uc2a4\ud2b8\nopenssl s_client -connect mail.example.com:587 -starttls smtp\n\n# SMTPS \ud3ec\ud2b8 465 TLS \uc5f0\uacb0 \ud14c\uc2a4\ud2b8 (\uc9c1\uc811 TLS)\nopenssl s_client -connect mail.example.com:465<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"Postfix \uc124\uce58 (3\/4) – TLS\/SSL \uc554\ud638\ud654 \uc124\uc815 \uac00\uc774\ub4dc \uc774 \uae00\uc5d0\uc11c\ub294 \uc55e\uc11c \uad6c\ucd95\ud55c Postfix \uba54\uc77c \uc11c\ubc84\uc5d0 TLS\/SSL \uc554\ud638\ud654\ub97c \uc801\uc6a9\ud558\uc5ec \uba54\uc77c \uc804\uc1a1\uc758 \ubcf4\uc548\uc744 \uac15\ud654\ud558\ub294 \ubc29\ubc95\uc744 \ub2e4\ub8f9\ub2c8\ub2e4. Let’s Encrypt \uc778\uc99d\uc11c\ub97c \uc0ac\uc6a9\ud558\uc5ec \ubb34\ub8cc\ub85c SSL \uc778\uc99d\uc11c\ub97c \uc801\uc6a9\ud558\uaca0\uc2b5\ub2c8\ub2e4. \uc0ac\uc124 \uc778\uc99d\uc11c\ub294 \uc678\ubd80 \uba54\uc77c\uc11c\ubc84\uc5d0\uc11c \uac70\ubd80\ub420 \uc218 \uc788\uc73c\ubbc0\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4. \uac1c\uc694 \uba54\uc77c \uc11c\ubc84\uc5d0\uc11c TLS\/SSL\uc740 \ub2e4\uc74c\uacfc \uac19\uc740 \ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ub429\ub2c8\ub2e4: \uc804\uc1a1 \uc911 \uc554\ud638\ud654: \uba54\uc77c \ub0b4\uc6a9\uc774 \uc804\uc1a1\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-10758","post","type-post","status-publish","format-standard","hentry","category-sendmail"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/10758","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10758"}],"version-history":[{"count":11,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/10758\/revisions"}],"predecessor-version":[{"id":10813,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/10758\/revisions\/10813"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}