brent, posted June 18, 2018

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS and running in a chroot environment. Postfix is Wietse Venema's mailer that started life as an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different. This software was formerly known as VMailer. It was released by the end of 1998 as the IBM Secure Mailer. From then on it has lived on as Postfix. This rpm supports LDAP, SMTP AUTH (through cyrus-sasl) and TLS.

Let's get started. First of all we need to install postfix:

    sudo apt-get install postfix

    sudo /usr/lib/ssl/misc/CA.sh -newca
    CA certificate filename (or enter to create)
    (press Enter here)
    Making CA certificate ...
    Generating a 1024 bit RSA private key
    ..........++++++
    .........++++++
    writing new private key to './demoCA/private/./cakey.pem'
    Enter PEM pass phrase: <type a password here>
    Verifying - Enter PEM pass phrase: <retype the password>
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]: <enter>
    State or Province Name (full name) [Some-State]: <enter>
    Locality Name (eg, city) []: <enter>
    Organization Name (eg, company) [Internet Widgits Pty Ltd]: <enter>
    Organizational Unit Name (eg, section) []: <enter>
    Common Name (eg, YOUR name) []: <your name>
    Email Address []: <your email>

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []: <enter>
    An optional company name []: <enter>
    Using configuration from /usr/lib/ssl/openssl.cnf
    Enter pass phrase for ./demoCA/private/./cakey.pem: <same password as before>
    Check that the request matches the signature
    Signature ok

    $ openssl genrsa -out NAS.key 1024
    Generating RSA private key, 1024 bit long modulus

    $ openssl req -new -key NAS.key -out NAS.csr -days 3650
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]: <enter>
    State or Province Name (full name) [Some-State]: <enter>
    Locality Name (eg, city) []: <enter>
    Organization Name (eg, company) [Internet Widgits Pty Ltd]: <enter>
    Organizational Unit Name (eg, section) []: <type something here, this must be different from above>
    Common Name (eg, YOUR name) []: <your name>
    Email Address []: <your email>

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []: <enter>
    An optional company name []: <enter>

    $ openssl ca -days 3650 -crldays 3650 -out NAS.pem -infiles NAS.csr
    Using configuration from /usr/lib/ssl/openssl.cnf
    Enter pass phrase for ./demoCA/private/cakey.pem: <same password as before>
    Check that the request matches the signature
    Signature ok
    Certificate is to be certified until Oct 18 11:08:58 2021 GMT (365 days)
    Sign the certificate? [y/n]: <type y>
    1 out of 1 certificate requests certified, commit? [y/n] <type y>
    Write out database with 1 new entries
    Data Base Updated

    sudo mkdir /etc/postfix/certs
    sudo cp NAS.key NAS.pem /etc/postfix/certs
    sudo cp /etc/ssl/certs/Equifax_Secure_CA.pem /etc/postfix/certs/cacert.pem

    sudo nano /etc/postfix/sasl/sasl_passwd

and enter your email account and password. You can create a new Gmail account if you are not happy to leave your password in the file. Also, in case you sometimes change your own Gmail password, you don't have to remember to change it here. The file should look like this:

    gmail-smtp.l.google.com myaccount@gmail.com:mypassword
    smtp.gmail.com myaccount@gmail.com:mypassword

Change the permissions of the sasl_passwd file with:

    sudo chmod 400 /etc/postfix/sasl/sasl_passwd

We want to make a backup of the postfix main.cf file:

    sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
    sudo nano /etc/postfix/main.cf

This is how the main.cf will look.

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = no

    # auth
    smtp_sasl_auth_enable=yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd

    # TLS client side certificate
    smtp_use_tls = yes
    smtp_sasl_security_options = noanonymous
    smtp_sasl_tls_security_options = noanonymous
    smtp_tls_note_starttls_offer = yes
    tls_random_source = dev:/dev/urandom
    smtp_tls_scert_verifydepth = 5
    smtp_tls_CAfile = /etc/postfix/certs/cacert.pem
    smtp_tls_key_file=/etc/postfix/certs/NAS.key
    smtp_tls_cert_file=/etc/postfix/certs/NAS.pem
    smtp_tls_enforce_peername = no

    # TLS parameters
    smtpd_tls_ask_ccert = yes
    smtpd_tls_req_ccert =no
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = NAS
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    mydestination = NAS, localhost.localdomain, , localhost
    #relayhost =
    relayhost = [smtp.gmail.com]:587
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all

    sudo postmap /etc/postfix/sasl/sasl_passwd
    sudo /etc/init.d/postfix reload

From the box you will send emails from, log in with your browser to: http://www.google.co...ayUnlockCaptcha and unlock your IP to allow you to send email from postfix.

Open two terminals. In one, type:

    tail -f /var/log/mail.log

and in the other do your test to send out an email. Let's send a test email:

    telnet 127.0.0.1 25
    EHLO test
    MAIL FROM: <from-email>
    RCPT TO: <recipient-email>
    DATA
    Type message here.
    <Enter>.<Enter> (press enter, type a dot, press enter)
    QUIT
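
An added check, not part of the original post: the script below reads a main.cf and reports whether the SMTP client can fall back to cleartext, can send a plaintext SASL password on an unencrypted session, or does not verify the relay's certificate name. The function names and finding codes are made up for this example; the logic relies on Postfix's documented rule that a non-empty smtp_tls_security_level overrides smtp_use_tls, smtp_enforce_tls and smtp_tls_enforce_peername.

```shell
#!/bin/sh
# Added example (not from the original post): audit Postfix SMTP *client*
# settings in a main.cf for cleartext fallback and unverified relay certs.

# get_param FILE NAME: effective value of NAME (last assignment wins).
get_param() {
    awk -v key="$2" '
        /^[ \t]*#/ || !/=/ { next }
        {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_main_cf FILE: print one finding code per line, nothing if clean.
audit_main_cf() {
    level=$(get_param "$1" smtp_tls_security_level)
    enforce=$(get_param "$1" smtp_enforce_tls)
    peername=$(get_param "$1" smtp_tls_enforce_peername)
    sasl=$(get_param "$1" smtp_sasl_security_options | tr -d ' ')
    mandatory=no; verified=no
    case "$level" in
        encrypt) mandatory=yes ;;
        dane-only|fingerprint|verify|secure) mandatory=yes; verified=yes ;;
        "") # legacy parameters only count when no security level is set
            if [ "$enforce" = yes ]; then
                mandatory=yes
                [ "$peername" = no ] || verified=yes
            fi ;;
    esac
    if [ "$mandatory" = no ]; then
        echo OPPORTUNISTIC_TLS        # cleartext delivery if STARTTLS is absent
        case ",$sasl," in
            ,,|*,noplaintext,*) ;;    # unset keeps the default (has noplaintext)
            *) echo PLAINTEXT_AUTH ;; # password may cross an unencrypted session
        esac
    fi
    if [ "$verified" = no ]; then echo UNVERIFIED_PEER; fi
    return 0
}

# Constructed sample: the client-side settings from the main.cf above.
sample=$(mktemp)
printf '%s\n' 'smtp_use_tls = yes' 'smtp_sasl_security_options = noanonymous' \
    'smtp_tls_enforce_peername = no' 'relayhost = [smtp.gmail.com]:587' > "$sample"
audit_main_cf "$sample"
```

Run against the settings above it reports all three findings; a main.cf with smtp_tls_security_level = verify or secure produces none.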