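POP3+SSL Protocol Cryptography Application Simulation Experiment

I. Experiment Overview

1. Objectives

  1. Learn how to install and configure the Postfix mail-sending service and the Dovecot mail-retrieval service.
  2. Implement encrypted POP3+SSL/TLS transport to secure communication during mail retrieval.
  3. Verify the full flow between client and server (sending, receiving, and encrypted retrieval) and understand how SSL is applied to mail protocols.

2. Environment

  1. Operating system: openEuler 22.03
  2. Server IP: 192.168.0.100, hostname: mail.b.com
  3. Client IP: 192.168.0.101, hostname: mail.a.com
  4. Platform: Tianshu (天枢) Integrated Virtual Simulation Platform

3. Topology

II. Preparation (Server and Client)

To keep the firewall and SELinux from blocking mail traffic, run the following on both the server and the client:

```bash
# Stop the firewall
systemctl stop firewalld
# Check the firewall status (confirm inactive)
systemctl status firewalld
# Temporarily disable SELinux
setenforce 0
# Check the SELinux status (confirm Permissive)
getenforce
```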

III. Server Configuration

1. Install the mail service packages

Change to the directory that holds the packages and install them in one batch:

```text
[root@localhost ~]# cd pop/
[root@localhost pop]# ls
clucene-core-2.3.3.4-35.oe2203sp3.x86_64.rpm  libstemmer-0-12.oe2203sp3.x86_64.rpm               postfix-3.3.1-21.oe2203sp3.x86_64.rpm
dovecot-2.3.15-6.oe2203sp3.x86_64.rpm         mariadb-connector-c-3.1.13-4.oe2203sp3.x86_64.rpm  postfix-help-3.3.1-21.oe2203sp3.noarch.rpm
libpq-13.21-1.oe2203sp3.x86_64.rpm            pcre-8.45-5.oe2203sp3.x86_64.rpm                   tar-1.34-5.oe2203sp3.x86_64.rpm
[root@localhost pop]# rpm -Uvh *.rpm
警告:clucene-core-2.3.3.4-35.oe2203sp3.x86_64.rpm: 头V4 RSA/SHA256 Signature, 密钥 ID fb37bc6f: NOKEY
警告:dovecot-2.3.15-6.oe2203sp3.x86_64.rpm: 头V4 RSA/SHA256 Signature, 密钥 ID b675600b: NOKEY
Verifying...                          ################################# [100%]
准备中...                          ################################# [100%]
正在升级/安装...
   1:mariadb-connector-c-3.1.13-4.oe22################################# [ 11%]
   2:tar-2:1.34-5.oe2203sp3           ################################# [ 22%]
   3:postfix-help-2:3.3.1-21.oe2203sp3################################# [ 33%]
   4:pcre-8.45-5.oe2203sp3            ################################# [ 44%]
   5:libstemmer-0-12.oe2203sp3        ################################# [ 56%]
   6:libpq-13.21-1.oe2203sp3          ################################# [ 67%]
   7:clucene-core-2.3.3.4-35.oe2203sp3################################# [ 78%]
   8:dovecot-1:2.3.15-6.oe2203sp3     ################################# [ 89%]
   9:postfix-2:3.3.1-21.oe2203sp3     ################################# [100%]
```

Packages installed: postfix, dovecot, mariadb-connector-c, pcre, clucene-core, and others. The NOKEY warnings in the output mean rpm could not verify the package signatures because the signing keys are not imported on this host.

2. Configure Postfix

Change to the configuration directory:

```bash
cd /etc/postfix/
```

Edit main.cf. The key settings are:

```text
# Basic settings
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 168.100.189.0/28, 127.0.0.0/8
home_mailbox = Maildir/

# Domain and hostname
myhostname = mail.b.com
mydomain = b.com
myorigin = $mydomain

# TLS settings
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_security_level = may
```

Restart Postfix and check that it is running:

```bash
systemctl restart postfix
systemctl status postfix
```

3. Configure Dovecot

(1) Generate a self-signed SSL certificate

```bash
cd /etc/dovecot/
# Create a directory for the certificate
mkdir ssl
cd ssl/
# Generate an RSA key and a self-signed certificate (valid for 365 days)
openssl req -new -x509 -days 365 -nodes \
  -out /etc/dovecot/ssl/dovecot.pem \
  -keyout /etc/dovecot/ssl/dovecot.key \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=Example Corp/OU=Mail Server/CN=mail.example.com/emailAddress=postmaster@mail.example.com"
```

Afterwards the directory contains dovecot.pem (the certificate) and dovecot.key (the private key). Note that the subject CN is mail.example.com rather than the server's hostname mail.b.com, so a client that checks the certificate name will not accept it for mail.b.com.

(2) Core configuration changes

Enable the POP3 protocol (edit /etc/dovecot/dovecot.conf):

```text
dict {
}

!include conf.d/*.conf
!include_try local.conf

# Added: enable the POP3 protocol
protocols = pop3
```

SSL settings (edit /etc/dovecot/conf.d/10-ssl.conf):

```text
ssl = required
ssl_cert = </etc/dovecot/ssl/dovecot.pem
ssl_key = </etc/dovecot/ssl/dovecot.key
ssl_cipher_list = HIGH:!aNULL:!MD5
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
```

Open the encrypted POP3S port (edit /etc/dovecot/conf.d/10-master.conf):

```text
service pop3-login {
  inet_listener pop3 {
  }
  # Open port 995 (the default POP3+SSL port)
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
```

Set the mail storage location (edit /etc/dovecot/conf.d/10-mail.conf):

```text
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
}
mbox_write_locks = fcntl
```

(3) Start the Dovecot service

```bash
systemctl start dovecot
systemctl status dovecot
```

✅ A successful start looks like this:

```text
dovecot.service - Dovecot IMAP/POP3 email server
     Loaded: loaded (/usr/lib/systemd/system/dovecot.service; disabled; vendor preset: disabled)
     Active: active (running) since Fri 2025-08-29 12:01:12 CST; 17s ago
       Docs: man:dovecot(1)
             https://doc.dovecot.org/
    Process: 2599 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
   Main PID: 2607 (dovecot)
     Status: "v2.3.15 (0503334ab1) running"
      Tasks: 5 (limit: 20421)
     Memory: 4.1M
     CGroup: /system.slice/dovecot.service
             ├─ 2607 /usr/sbin/dovecot -F
             ├─ 2611 dovecot/anvil
             ├─ 2612 dovecot/log
             ├─ 2613 dovecot/config
             └─ 2617 dovecot/stats

8月 29 12:01:12 localhost.localdomain systemd[1]: Starting Dovecot IMAP/POP3 email server...
8月 29 12:01:12 localhost.localdomain dovecot[2607]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login
8月 29 12:01:12 localhost.localdomain dovecot[2607]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login
8月 29 12:01:12 localhost.localdomain dovecot[2607]: master: Dovecot v2.3.15 (0503334ab1) starting up for pop3
8月 29 12:01:12 localhost.localdomain systemd[1]: Started Dovecot IMAP/POP3 email server.
```

4. Create a test mail user

```bash
# Create the user userb
useradd userb
# Set the user's password
passwd userb
```

IV. Client Configuration

1. Install the mail client tools

```text
[root@localhost ~]# cd pop/
[root@localhost pop]# ls
mariadb-connector-c-3.1.13-4.oe2203sp3.x86_64.rpm  postfix-3.3.1-21.oe2203sp3.x86_64.rpm
pcre-8.45-5.oe2203sp3.x86_64.rpm                   postfix-help-3.3.1-21.oe2203sp3.noarch.rpm
[root@localhost pop]# rpm -Uvh *.rpm
警告:mailx-12.5-32.oe2203sp3.x86_64.rpm: 头V4 RSA/SHA256 Signature, 密钥 ID fb37bc6f: NOKEY
Verifying...                          ################################# [100%]
准备中...                          ################################# [100%]
正在升级/安装...
   1:postfix-help-2:3.3.1-21.oe2203sp3################################# [ 20%]
   2:pcre-8.45-5.oe2203sp3            ################################# [ 40%]
   3:mariadb-connector-c-3.1.13-4.oe22################################# [ 60%]
   4:postfix-2:3.3.1-21.oe2203sp3     ################################# [ 80%]
   5:mailx-12.5-32.oe2203sp3          ################################# [100%]
```

Packages installed: postfix and mailx (a command-line mail-sending tool).

2. Configure Postfix (sending mail from the client)

Change to the configuration directory:

```bash
cd /etc/postfix/
```

Edit the key settings in main.cf:

```text
# Basic settings
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 192.168.0.0/24, 127.0.0.0/8
home_mailbox = Maildir/

# Domain and hostname
myhostname = mail.a.com
mydomain = a.com
myorigin = $mydomain

# Relay and name resolution
relayhost =
smtp_host_lookup = native
ignore_mx_lookup_error = yes
```

Start the Postfix service:

```bash
systemctl start postfix
systemctl status postfix
```

3. Configure local hosts resolution

Bind the server's domain name to its IP address to avoid DNS resolution failures:

```text
[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.102 mail.b.com
```

V. Testing (Send, Receive, and Encrypted Retrieval)

1. Send mail from the client to the server

```bash
# Send a test message (subject: Test Mail, body: Hello from A)
echo "Hello from A" | mail -s "Test Mail" userb@mail.b.com
```

Check the Postfix log; a "removed" entry means the message has been delivered successfully.

```text
[root@localhost ~]# systemctl status postfix
postfix.service - Postfix Mail Transport Agent
     Loaded: loaded (/usr/lib/systemd/system/postfix.service; disabled; vendor preset: disabled)
     Active: active (running) since Fri 2025-08-29 14:57:59 CST; 6min ago
    Process: 2908 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
    Process: 2913 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
    Process: 2916 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
   Main PID: 2983 (master)
      Tasks: 8 (limit: 20421)
     Memory: 10.1M
     CGroup: /system.slice/postfix.service
             ├─ 2983 /usr/libexec/postfix/master -w
             ├─ 2984 pickup -l -t unix -u
             ├─ 2985 qmgr -l -t unix -u
             ├─ 2989 tlsmgr -l -t unix -u
             ├─ 3016 cleanup -z -t unix -u
             ├─ 3017 trivial-rewrite -n rewrite -t unix -u
             ├─ 3018 smtp -t unix -u
             └─ 3056 smtp -t unix -u

8月 29 15:04:43 localhost.localdomain postfix/pickup[2984]: 114A254013E: uid=0 from=<root>
8月 29 15:04:43 localhost.localdomain postfix/cleanup[3016]: 114A254013E: message-id=<20250829070443.114A254013E@mail.a.com>
8月 29 15:04:43 localhost.localdomain postfix/qmgr[2985]: 114A254013E: from=<root@a.com>, size=418, nrcpt=1 (queue active)
8月 29 15:04:52 localhost.localdomain postfix/smtp[3056]: 114A254013E: to=<userb@mail.b.com>, relay=mail.b.com[192.168.0.100]:25, delay=0.5, delays=0.01/0/0.5/0, dsn>
8月 29 15:04:52 localhost.localdomain postfix/qmgr[2985]: 114A254013E: removed
```

2. Verify on the server that the mail arrived

```text
# Change to the user's mail directory
cd /home/userb/Maildir/new
# List the message files
[root@localhost new]# ls
1756451092.Vfd02I10000aM610453.localhost.localdomain
# Read the message
[root@localhost new]# cat 1756451092.Vfd02I10000aM610453.localhost.localdomain
Return-Path: <root@a.com>
X-Original-To: userb@mail.b.com
Delivered-To: userb@mail.b.com
Received: from mail.a.com (unknown [192.168.0.101])
        by mail.b.com (Postfix) with ESMTPS id 940DD54014D
        for <userb@mail.b.com>; Fri, 29 Aug 2025 15:04:52 +0800 (CST)
Received: by mail.a.com (Postfix, from userid 0)
        id 114A254013E; Fri, 29 Aug 2025 15:04:43 +0800 (CST)
Date: Fri, 29 Aug 2025 15:04:43 +0800
To: userb@mail.b.com
Subject: Test Mail
User-Agent: Heirloom mailx 12.5 6/20/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20250829070443.114A254013E@mail.a.com>
From: root <root@a.com>

Hello from A
```

The full headers, sender, subject and body are visible, which confirms the message was sent successfully.

3. Download the mail from the client over POP3+SSL

Use openssl s_client to open an SSL-encrypted connection and act as a POP3 client retrieving mail:

```bash
(echo "USER userb"; echo 'PASS Test123'; echo "LIST"; echo "RETR 1"; echo "QUIT"; sleep 1) | openssl s_client -connect mail.b.com:995 -tls1_2 -quiet
```

Key results returned:

  • +OK Dovecot ready.: the server is ready
  • +OK Logged in.: the user logged in successfully
  • LIST: lists the messages
  • RETR 1: retrieves the first message (its full content, carried over the encrypted connection)
  • +OK Logging out.: clean logout

✅ The whole session runs over TLS 1.2 with nothing sent in cleartext, which meets the goal of the POP3+SSL simulation. The output below also reports verify error:num=18 (self signed certificate); s_client continues past it, so the channel is encrypted but the server's identity is not authenticated.

```text
mail.b.com:995 -tls1_2 -quiet
depth=0 C = CN, ST = Beijing, L = Beijing, O = Example Corp, OU = Mail Server, CN = mail.example.com, emailAddress = postmaster@mail.example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CN, ST = Beijing, L = Beijing, O = Example Corp, OU = Mail Server, CN = mail.example.com, emailAddress = postmaster@mail.example.com
verify return:1
+OK Dovecot ready.
+OK
+OK Logged in.
+OK 6 messages:
1 680
2 680
3 680
4 680
5 680
6 680
.
+OK 680 octets
Return-Path: <root@a.com>
X-Original-To: userb@mail.b.com
Delivered-To: userb@mail.b.com
Received: from mail.a.com (unknown [192.168.0.101])
        by mail.b.com (Postfix) with ESMTPS id 940DD54014D
        for <userb@mail.b.com>; Fri, 29 Aug 2025 15:04:52 +0800 (CST)
Received: by mail.a.com (Postfix, from userid 0)
        id 114A254013E; Fri, 29 Aug 2025 15:04:43 +0800 (CST)
Date: Fri, 29 Aug 2025 15:04:43 +0800
To: userb@mail.b.com
Subject: Test Mail
User-Agent: Heirloom mailx 12.5 6/20/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20250829070443.114A254013E@mail.a.com>
From: root <root@a.com>

Hello from A
.
+OK Logging out.
```
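The s_client test above proceeds despite the certificate verification error, so it demonstrates encryption but not server authentication. As an added example (not part of the original write-up), this Python client runs the same USER/PASS/LIST/RETR/QUIT exchange but refuses to send credentials unless the server certificate chains to a pinned file and matches the hostname. It assumes a certificate issued for mail.b.com has been copied to the client (the path given on the command line is a placeholder); the page's certificate names mail.example.com and would be rejected.

```python
import getpass
import poplib
import ssl
import sys

HOST = "mail.b.com"  # server hostname used on the page
PORT = 995           # pop3s listener opened in 10-master.conf

# Constructed sample: the LIST body shown in the page's s_client output.
SAMPLE_LIST = [b"1 680", b"2 680", b"3 680", b"4 680", b"5 680", b"6 680"]


def pinned_context(cafile=None):
    """Build a TLS context that authenticates the server.

    With cafile set, that file is the only trust anchor (pinning for a
    self-signed server); with None, the system CA store is used.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # mirrors ssl_min_protocol
    # Already the defaults; set explicitly so a later edit cannot drop them.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def parse_list(lines):
    """Turn the body of a LIST reply (b'1 680', ...) into {msg_no: octets}."""
    sizes = {}
    for raw in lines:
        parts = raw.split()
        if len(parts) < 2:
            continue  # ignore malformed scan listings
        sizes[int(parts[0])] = int(parts[1])
    return sizes


def fetch_message(user, password, number=1, cafile=None, host=HOST):
    """Retrieve one message over verified TLS; return (sizes, message bytes).

    The handshake happens in the POP3_SSL constructor, so a certificate that
    fails verification raises ssl.SSLCertVerificationError before USER/PASS.
    """
    conn = poplib.POP3_SSL(host, PORT, timeout=10, context=pinned_context(cafile))
    try:
        conn.user(user)
        conn.pass_(password)
        _, listing, _ = conn.list()
        _, body, _ = conn.retr(number)
        result = (parse_list(listing), b"\r\n".join(body))
        conn.quit()
        return result
    except Exception:
        conn.close()
        raise


if __name__ == "__main__":
    print(parse_list(SAMPLE_LIST))  # offline demo on the constructed sample
    if len(sys.argv) == 2:          # live run: pass the pinned certificate path
        sizes, message = fetch_message(
            "userb", getpass.getpass("POP3 password: "), cafile=sys.argv[1])
        print(sizes)
        print(message.decode("ascii", "replace"))
```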
