
More than 5 years have passed since last update.

Verifying Mail Server Encryption

Posted at 2016-08-07

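Ports

| Protocol | Common name | Service name | Port |
|---|---|---|---|
| POP | POP3 | pop3 | 110 |
| POP over SSL/TLS | POP3S | pop3s | 995 |
| IMAP | IMAP4 | imap | 143 |
| IMAP over SSL/TLS | IMAP4S | imaps | 993 |
| SMTP | | smtp | 25 |
| Message Submission | | smtp-submission | 587 |
| SMTP over SSL | SMTPS | smtps | 465 |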

firewalld

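# POP3 setup: expands to the services pop3, pop3s, smtp and smtps
firewall-cmd --permanent --add-service={pop3,smtp}{,s} && firewall-cmd --reload
# IMAP setup: expands to the services imap, imaps, smtp and smtps
firewall-cmd --permanent --add-service={imap,smtp}{,s} && firewall-cmd --reload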

Verifying IMAP over SSL (IMAPS)

Connect to port 993 with openssl s_client.

openssl s_client -connect mail.example.jp:993
Example output
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = mail.example.jp
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.jp
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
...(snip)...
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.jp
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 5149 bytes and written 437 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    Session-ID: BA3614B7D3F083EC223AB222AB6AE383718B4E2535730BE18743BD47D0487B14
    Session-ID-ctx:
    Master-Key: D8D282CB2254BE31EB24D6F5541DF27A41327ACB646D992AA20121E5F1062C403AF7C86CE52AC69BE5DAF688499A0EDD
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - be d8 66 e4 42 12 0a 35-11 12 35 a7 cf 65 cc 94   ..f.B..5..5..e..
    ...(snip)...
    0090 - a5 b1 3e e9 ae e8 c9 a9-41 71 86 e5 e2 34 e0 48   ..>.....Aq...4.H

    Start Time: 1470415848
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
Example input
a login user@example.jp P@assw0rd
Example output
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
Example input
a namespace
Example output
* NAMESPACE (("" ".")) NIL NIL
a OK Namespace completed.
Example input
a list "" "*"
Example output
* LIST (\HasNoChildren) "." "Trash"
* LIST (\HasNoChildren) "." "INBOX"
* LIST (\HasNoChildren) "." "Sent"
* LIST (\HasNoChildren) "." "Drafts"
* LIST (\HasNoChildren) "." "Sent Items"
a OK List completed.
Example input
a select inbox
Example output
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk $NotJunk)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk $NotJunk \*)] Flags permitted.
* 1 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1446412932] UIDs valid
* OK [UIDNEXT 906] Predicted next UID
* OK [HIGHESTMODSEQ 1285] Highest
a OK [READ-WRITE] Select completed.
Example input
a search all
Example output
* SEARCH 1
a OK Search completed (0.000 secs).
Example input
a fetch 1 full
Example output
* 1 FETCH (FLAGS () INTERNALDATE "16-Sep-2016 00:00:00 +0900" RFC822.SIZE 14203 ENVELOPE ("Fri, 16 Sep 2016 00:00:00 -0700" "DOC_4258" (("Della" NIL "Della57" "example.jp")) (("Della" NIL "Della57" "example.jp")) (("Della" NIL "Della57" "example.jp")) (("user@example.jp" NIL "user" "example.jp")) NIL NIL NIL "<9FC537814278FCDA2BD7BE1E58D4E8BD3E28F7@9FC537814278F.example.jp>") BODY (("text" "plain" ("charset" "us-ascii") "<DE8B5135A5A6379E5F5EF65470938B22@example.jp>" NIL "quoted-printable" 4 2)("application" "zip" ("name" "DOC_4258.zip") "<6F6C79F2CF9FD2398479C1B1066FBF36@example.jp>" "DOC_4258.zip" "base64" 12696) "mixed"))
a OK Fetch completed.
Example input
a logout
Example output
* BYE Logging out
a OK Logout completed.
closed

POP3 over SSL (POP3S)

Connect to port 995 with openssl s_client.

openssl s_client -connect mail.example.jp:995
Example output
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = mail.example.jp
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.jp
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
...(snip)...
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.jp
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 5149 bytes and written 437 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    Session-ID: 078046975542568EE9D0F53D9C9F21DA11F16E936B13E0FB6A6479662A03D9F6
    Session-ID-ctx:
    Master-Key: 09246D1C31A97EB0E15B1C9A5A265780940D6EE31A752A5BB5DF061CAE848819EC5C2391A5469C34BA96B44C204F988A
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - dd a6 23 3b 32 f3 b5 fc-b5 7b b5 0c 36 12 b1 8f   ..#;2....{..6...
    ...(snip)...
    0090 - 9c cd 3f 08 5b 9c 7e 3e-e0 59 36 d4 7e c8 9d 72   ..?.[.~>.Y6.~..r

    Start Time: 1470416899
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
+OK Dovecot ready.
Example input
user user@example.jp
Example output
+OK
Example input
pass P@ssw0rd
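
Both s_client sessions above end with "Verify return code: 0 (ok)", yet they also report "Server Temp Key: DH, 1024 bits", so the summary lines are worth checking by script rather than by eye. The following is an added example, not part of the original article; the function names and the thresholds (TLS 1.2 or later, DH group and server key of at least 2048 bits) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Thresholds are assumptions:
# TLS 1.2 or later, DH group >= 2048 bits, server key >= 2048 bits.
# Live use: openssl s_client -connect mail.example.jp:993 </dev/null | audit_s_client

# Reads s_client output on stdin, prints one line per check,
# and returns non-zero if any check fails.
audit_s_client() {
    awk '
    function fail(msg) { print "FAIL " msg; bad = 1 }
    function pass(msg) { print "OK   " msg }
    /Verify return code:/   { seen = 1; vcode = $4 + 0; vline = $0; sub(/^ +/, "", vline) }
    /^ *Protocol *:/        { proto = $3 }
    /^Server Temp Key:/     { kex = $4; sub(/,$/, "", kex); kexbits = $(NF-1) + 0 }
    /^Server public key is/ { keybits = $5 + 0 }
    END {
        if (!seen)           fail("no verify result: handshake did not complete")
        else if (vcode != 0) fail(vline)
        else                 pass("certificate chain verified")

        if (proto ~ /^TLSv1\.[23]$/) pass("protocol " proto)
        else                         fail("protocol \"" proto "\" is below TLSv1.2")

        if (kex == "DH" && kexbits < 2048)
            fail("ephemeral DH group is only " kexbits " bits")
        else if (kex != "")
            pass("key exchange " kex ", " kexbits " bits")

        if (keybits > 0 && keybits < 2048) fail("server key is only " keybits " bits")
        else if (keybits > 0)              pass("server key " keybits " bits")
        exit bad
    }'
}

# Sample input: abridged from the s_client output shown in this article.
sample_output() {
    cat <<'EOF'
Server Temp Key: DH, 1024 bits
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)
EOF
}

if sample_output | audit_s_client; then echo "result: pass"
else echo "result: needs attention"; fi
```

Run against the output shown in this article, the certificate, protocol and server key checks pass and only the 1024-bit DH group is flagged.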