Postfix, send mail via Gmail

From Linuxwiki

This is for CentOS 6.

Create a certificate

cd /etc/pki/tls/misc/
./CA -newca
Answer the usual certificate questions (see below)

Install RPMs

yum install cyrus-sasl-plain

Configuration in main.cf

The following configuration is in main.cf and appears to work.

relayhost = [smtp.gmail.com]:587

smtp_use_tls=yes
smtpd_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtp_sasl_mechanism_filter = plain

The following is for debugging. Note that it can write passwords in cleartext to the log file.

debug_peer_list=smtp.gmail.com
debug_peer_level=3

The password must be set up

Create a file named /etc/postfix/sasl_passwd, e.g. with vi, containing:

[smtp.gmail.com]:587 user@gmail.com:password

Save, then change the permissions on the file:

chmod 700 /etc/postfix/sasl_passwd

Hash it:

postmap /etc/postfix/sasl_passwd

This generates sasl_passwd.db, which can also contain the password in cleartext. Check that the file is not readable by others.

Restart postfix or reload the config with

service postfix reload
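
The checks described above (credential files not readable by others, debug logging switched off again), as an added example that is not part of the original wiki page. It also flags that smtp_use_tls=yes is only opportunistic TLS in Postfix. The function names check_postfix_relay and cf_has are hypothetical, GNU stat is assumed, and main.cf is read directly.

```shell
#!/bin/sh
# Added example: audit the files and settings this page creates.
# check_postfix_relay (hypothetical name) prints findings for DIR
# (default /etc/postfix) and returns how many it found; 0 means clean.
# Assumes GNU stat (as on CentOS) and reads main.cf directly.

# True if main.cf in $dir has an active line "NAME = <value matching REGEX>".
cf_has() {
    grep -Eq "^$1[[:space:]]*=[[:space:]]*($2)" "$dir/main.cf" 2>/dev/null
}

check_postfix_relay() {
    dir=${1:-/etc/postfix}
    findings=0

    # sasl_passwd and the postmap output sasl_passwd.db both hold the password.
    for f in "$dir/sasl_passwd" "$dir/sasl_passwd.db"; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        # Any group/other permission bit (octal 077) exposes the credentials.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "EXPOSED  $f has mode $mode"
            findings=$((findings + 1))
        fi
    done

    # debug_peer_list makes Postfix log the SMTP dialogue, password included.
    if cf_has debug_peer_list '[^[:space:]]'; then
        echo "DEBUG    debug_peer_list is still set in $dir/main.cf"
        findings=$((findings + 1))
    fi

    # smtp_use_tls=yes is opportunistic: without a mandatory TLS level the
    # PLAIN login can go out unencrypted if STARTTLS is not offered.
    if ! cf_has smtp_tls_security_level 'encrypt|fingerprint|verify|secure' &&
       ! cf_has smtp_enforce_tls 'yes'; then
        echo "TLS      outbound TLS is not mandatory in $dir/main.cf"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Run check_postfix_relay as root after postmap and again after debugging is finished; a non-zero return value is the number of findings printed.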

Input given at ./CA -newca

[root@moher misc]# ./CA -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 2048 bit RSA private key
.........+++
...............+++
writing new private key to '/etc/pki/CA/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [XX]:SE
State or Province Name (full name) []:Hellville
Locality Name (eg, city) [Default City]:Hellville
Organization Name (eg, company) [Default Company Ltd]:ECS
Organizational Unit Name (eg, section) []:ECS
Common Name (eg, your name or your server's hostname) []:moher.avdelning.se
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/private/./cakey.pem:
140095630776136:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:869:You must type in 4 to 8191 characters
Enter pass phrase for /etc/pki/CA/private/./cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:

       Serial Number: 17329447957857897848 (0xf07e911a31bd0d78)
       Validity
           Not Before: Jan 23 10:02:59 2014 GMT
           Not After : Jan 22 10:02:59 2017 GMT
       Subject:
           countryName               = SE
           stateOrProvinceName       = Hellville
           organizationName          = ECS
           organizationalUnitName    = ECS
           commonName                = moher.avdelning.se
       X509v3 extensions:
           X509v3 Subject Key Identifier: 
               4A:FC:47:40:0F:CC:36:F5:71:2D:96:1D:C4:B8:2B:8B:6F:19:52:EA
           X509v3 Authority Key Identifier: 
               keyid:4A:FC:47:40:0F:CC:36:F5:71:2D:96:1D:C4:B8:2B:8B:6F:19:52:EA
           X509v3 Basic Constraints: 
               CA:TRUE

Certificate is to be certified until Jan 22 10:02:59 2017 GMT (1095 days)

Write out database with 1 new entries
Data Base Updated