Generating a DSA private key
writing new private key to 'mykey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CR
State or Province Name (full name) [Some-State]:Alajuela
Locality Name (eg, city) []:Alajuela
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SIUA
Organizational Unit Name (eg, section) []:UGIT
Common Name (e.g. server FQDN or YOUR name) []:UGIT
Email Address []:admin@siua.ac.cr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CR
State or Province Name (full name) [Some-State]:Alajuela
Locality Name (eg, city) []:Alajuela
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SIUA
Organizational Unit Name (eg, section) []:UGIT
Common Name (e.g. server FQDN or YOUR name) []:UGIT
Email Address []:admin@siua.ac.cr
Reiniciamos a postfix
/etc/init.d/postfix reload
Revisar la cola
sudo tail /var/log/mail.log
Una vez tenemos /etc/postfix/sasl_passwd creado, vamos a crear una tabla de búsqueda (lookup-table) para Postfix de esta forma:
postmap /etc/postfix/sasl_passwd
De esta forma creamos el archivo /etc/postfix/sasl_passwd.db . Lo siguiente será proteger los dos archivos de contraseñas, tanto el que no tiene extensión (que, si queremos lo podemos borrar y no pasa nada, o también custodiarlo en otra máquina o con otro usuario, ya como queramos). Para protegerlo, hacemos que solo root sea capaz de acceder a los archivos:
Por último, tenemos que configurar nuestro servidor relay editando el archivo /etc/postfix/main.cf , primero añadiendo (o verificando) que el relay host está configurado, es decir, el servidor a través del cual enviamos realmente los correos:
See /usr/share/postfix/main.cf.dist for a commented, more complete version Debian specific: Specifying a file name will cause the first line of that file to be used as the name. The Debian default is /etc/mailname. myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no appending .domain is the MUA's job. append_dot_mydomain = no Uncomment the next line to generate "delayed mail" warnings delay_warning_time = 4h readme_directory = no See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on fresh installs. compatibility_level = 2 TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for information on enabling SSL in the smtp client. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination myhostname = onlyoffice.siua.ac.cr alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = correo.siua.ac.cr, $myhostname, onlyoffice.siua.ac.cr, localhost.siua.ac.cr, localhost relayhost = correo.siua.ac.cr:25 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = loopback-only inet_protocols = all # Agregamos al final # Configuración de seguridad para el servidor saliente Usas SASL para autentificarnos antes de enviar correos smtp_sasl_auth_enable = yes
Utilizar el mapa /etc/postifx/sasl_passwd.db smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd No permitr métodos de autentificación anónima smtp_sasl_security_options = noanonymous Utilizar el fichero de certificados raíz del sistema smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt Utilizar STARTTLS para enviar los correos smtp_use_tls = yes
service postfix restart
Debe quedar así (Debien)
See /usr/share/postfix/main.cf.dist for a commented, more complete version Debian specific: Specifying a file name will cause the first line of that file to be used as the name. The Debian default is /etc/mailname. myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no appending .domain is the MUA's job. append_dot_mydomain = no Uncomment the next line to generate "delayed mail" warnings delay_warning_time = 4h readme_directory = no See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on fresh installs. compatibility_level = 2 TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for information on enabling SSL in the smtp client. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination myhostname = onlyoffice.siua.ac.cr alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = correo.siua.ac.cr, $myhostname, onlyoffice.siua.ac.cr, localhost.siua.ac.cr, localhost relayhost = correo.siua.ac.cr:25 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = loopback-only inet_protocols = all # Agregamos al final # Configuración de seguridad para el servidor saliente Usas SASL para autentificarnos antes de enviar correos smtp_sasl_auth_enable = yes
Utilizar el mapa /etc/postifx/sasl_passwd.db smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd No permitr métodos de autentificación anónima smtp_sasl_security_options = noanonymous Utilizar el fichero de certificados raíz del sistema smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt Utilizar STARTTLS para enviar los correos smtp_use_tls = yes