Perdition Mail代理服务器配置
可以直接使用我的docker代码部署:https://github.com/bigfoxtail/perdition-gmail.git
使用apt或yum安装perdition ,然后使用命令/etc/init.d/perdition stop停止服务,防止后面修改参数后残留进程。
Debian系Linux首先打开/etc/default/perdition文件,修改POP3、IMAP4等不需要的服务为no,取消不用的服务启动。
然后创建文件/etc/perdition/perdition.imap4s.conf
(imap ssl使用该文件,其他的文件类似下面/etc/perdition/perdition.pop3s.conf /etc/perdition/perdition.pop3.conf /etc/perdition/perdition.imap4.conf /etc/perdition/perdition.imap4s.conf这名称)
配置内容如下:(代理gmail,使用自己的证书SSL加密,校验服务器证书)
outgoing_server imap.gmail.com
outgoing_port 993
log_facility mail
imap_capability IMAP4 IMAP4REV1 LITERAL+ UIDPLUS SORT QUOTA IDLE STARTTLS AUTH=PLAIN
ssl_mode ssl_listen,ssl_outgoing
connection_limit 512
log_passwd fail
server_resp_line
timeout 300
ssl_cert_file /etc/perdition/perdition.crt.pem
ssl_dh_params_file /etc/perdition/dhparam.pem
ssl_key_file /etc/perdition/perdition.key.pem
ssl_listen_ciphers "HIGH:!aNULL:!MD5"
ssl_outgoing_ciphers "HIGH:!aNULL:!MD5"
ssl_outgoing_min_proto_version "tlsv1.2"
ssl_listen_min_proto_version "tlsv1.2"
ssl_no_cert_verify
#ssl_no_cn_verify具体参数可以去官方查看,https://projects.horms.net/projects/perdition/perdition.8.shtml,不过不建议深入研究了,项目已经很久没有更新了,官方文档也比较笼统,凑合能用就行了。
然后生成dh的密钥openssl dhparam -out /etc/perdition/dhparam.pem 2048,启动服务/etc/init.d/perdition start,至此就可以使用该服务器提供的代理了。
该方法只代理指定imap服务器,如果需要通用的代理方式或者管理筛选之类的功能,可以使用它提供的数据库方案。
注意,访问gmail的服务器会报异常/OU=No SNI provided; please fix your client./CN=invalid2.invalid,报错原因是由于没有传入主机名称不支持SNI导致的,需要对代码进行修复,补丁如下:
fix ssl
Support SNI (gmail require it)
--- a/perdition/ssl.c
+++ b/perdition/ssl.c
@@ -64,7 +64,7 @@
static int __perdition_ssl_check_certificate(io_t * io, const char *ca_file,
const char *ca_path, const char *server);
static io_t *__perdition_ssl_connection(io_t *io, SSL_CTX *ssl_ctx,
- flag_t flag);
+ flag_t flag, const char *server);
struct passwd_cb_data {
@@ -1281,7 +1281,7 @@
**********************************************************************/
static io_t *__perdition_ssl_connection(io_t *io, SSL_CTX *ssl_ctx,
- flag_t flag)
+ flag_t flag, const char *server)
{
io_t *new_io = NULL;
SSL *ssl = NULL;
@@ -1294,6 +1294,15 @@
goto bail;
}
+ if (server != NULL) {
+ long r;
+ r = SSL_set_tlsext_host_name(ssl, server);
+ if (0 == r) {
+ /* handle error */
+ VANESSA_LOGGER_INFO_UNSAFE("Warning: SSL_set_tlsext_host_name(\"%s\") failed (code %#lx), trying to continue.", server, r);
+ }
+ }
+
/* Set up io object that will use SSL */
new_io = io_create_ssl(ssl, io_get_rfd(io), io_get_wfd(io),
io_get_name(io));
@@ -1390,7 +1399,9 @@
return NULL;
}
- new_io = __perdition_ssl_connection(io, ssl_ctx, PERDITION_SSL_CLIENT);
+ VANESSA_LOGGER_DEBUG_RAW_UNSAFE("ssl connection server %s", server);
+
+ new_io = __perdition_ssl_connection(io, ssl_ctx, PERDITION_SSL_CLIENT, server);
if (!new_io) {
VANESSA_LOGGER_DEBUG("perdition_ssl_connection");
return NULL;
@@ -1424,7 +1435,7 @@
{
io_t *new_io;
- new_io = __perdition_ssl_connection(io, ssl_ctx, PERDITION_SSL_SERVER);
+ new_io = __perdition_ssl_connection(io, ssl_ctx, PERDITION_SSL_SERVER, NULL);
if (!new_io) {
VANESSA_LOGGER_DEBUG("perdition_ssl_connection");
return NULL;
参考链接:
- https://bugzilla.redhat.com/show_bug.cgi?id=1611815
- https://gitlab.com/fetchmail/fetchmail/commit/9b8b634312f169fab872f3580c2febe5af031615
- https://www.debianhelp.co.uk/perdition.htm
- https://doc.ubuntu-fr.org/perdition
- https://blog.icedream.xyz/2020/11/23/%E5%88%A9%E7%94%A8--%E4%BB%A3%E7%90%86-imap/
- http://opentodo.net/2012/04/configuring-an-imappop-proxy-with-perdition-and-mysql/
- https://we.riseup.net/debian/perdition
- https://mikepultz.com/2011/10/secure-email-exim-dovecot-perdition/
- http://cactogeek.free.fr/autres/DocumentationLinux-Windows/LinuxUbuntu/proxy_IMAP-POP-SMTP_securise.pdf
- https://www.xenabeast.com/set-up-an-imap-proxy-on-linux-ubuntu/
