root@Server02:~# apt -y install postfix dovecot-imapd dovecot-pop3d

1.root@Server02:/CA# openssl genrsa -out postfix.key #生成证书秘钥
2.root@Server02:/CA# openssl req -new -key postfix.key -out postfix.csr #根据秘钥生成证书请求
申请过程中输入以下内容，和做apache时差不多

C = CN
ST = China 
L = ShanDong 
O = skills 
OU = Operations Departments 
CN = smtp.skills.com

1.root@Server02:/CA# openssl genrsa -out dovecot.key 
2.root@Server02:/CA# openssl req -new -key dovecot.key -out dovecot.csr
申请过程中输入以下内容

C = CN
ST = China 
L = ShanDong 
O = skills 
OU = Operations Departments 
CN = imap.skills.com

1.root@Server02:/CA# scp postfix.csr dovecot.csr root@172.16.100.254:/CA
2.root@Rserver:/CA# openssl ca -keyfile private/cakey.pem -cert cacert.pem -in postfix.csr -out postfix.crt #CA根服务器根据根私钥，根证书签发证书请求
3.root@Rserver:/CA# openssl ca -keyfile private/cakey.pem -cert cacert.pem -in dovecot.csr -out dovecot.crt
4.root@Rserver:/CA# scp postfix.crt dovecot.crt root@172.16.100.202:/CA #签发好的证书传给邮件服务器

root@Server02:/etc/postfix# vim main.cf
smtpd_tls_cert_file=/CA/postfix.crt  #这里添加我们签发好的证书与密钥
smtpd_tls_key_file=/CA/postfix.key

#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 #注释原有的网络访问
mynetworks = 0.0.0.0/0 #增所有网段访问，实验环境，生产环境需要限制相关网段

mydomain = sdskills.com #添加域名sdskills.com
myorigin = $mydomain #引用mydomain这个变量
root@Server02:/etc/postfix# vim master.cf
smtp      inet  n       -       y       -       -       smtpd #注释掉，一定要在两个用户成功发送邮件之后做，不然发现不了服务器
smtps     inet  n       -       y       -       -       smtpd #取消注释，开启465端口
#  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes #取消注释，启用SSL证书

root@Server02:/etc/dovecot# vim dovecot.conf
!include_try /usr/share/dovecot/protocols.d/*.protocol #注释掉
protocols = imaps #添加993端口，一定要在两个用户成功发送邮件之后做
login_trusted_networks = 0.0.0.0/0 #信任全部的网段
root@Server02:/etc/dovecot/conf.d# vim 10-ssl.conf 

root@Server02:~# systemctl restart postfix dovecot.service

for i in $(seq 1 99) ; do useradd -m -s /bin/bash user$i; done
for i in $(sqq 1 99) ; do echo user$i:SKill21! | chpasswd ; done