Configuring servers to send mail through Zimbra (siua.ac.cr)

apt remove --purge postfix mailutils
apt autoremove -y
  • Install
apt-get install openssl ssl-cert postfix mailutils libsasl2-2 ca-certificates libsasl2-modules -y
  • The installer prompts us
  • Select the satellite option
  • The installer's next question shows the server's FQDN; delete the host name and leave only the domain.
  • Open the file and delete its contents
nano /etc/postfix/main.cf
  • Replace it with:
  • NOTE: Remember to change the server name
# SMTP relayhost
# #############################
# #############################
# #############################
myhostname=web4.siua.ac.cr
# #############################
# ##########   MODIFY   #####
# #############################

# Correo SIUA
relayhost = [correo.siua.ac.cr]:465

## TLS Settings
smtp_tls_loglevel = 1
smtp_tls_CAfile = /etc/postfix/certs/CAcert.pem
smtp_tls_cert_file = /etc/postfix/certs/mycert.pem
smtp_tls_key_file = /etc/postfix/certs/mykey.pem
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/certs/CAcert.pem
smtpd_tls_cert_file = /etc/postfix/certs/mycert.pem
smtpd_tls_key_file = /etc/postfix/certs/mykey.pem
smtpd_tls_received_header = yes
smtpd_use_tls = yes
# TLS configuration
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
# internal-to-external address mapping
smtp_generic_maps = hash:/etc/postfix/generic

smtp_tls_security_level = encrypt
smtp_tls_wrappermode = yes
  • Now create the file
nano /etc/postfix/sasl_passwd
  • Add the content
[correo.siua.ac.cr]:465 admin@siua.ac.cr:AC2
  • Create the alias file
nano /etc/postfix/generic
  • Add
root@localhost.localdomain      admin@siua.ac.cr
  • Change the permissions
chmod 600 /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/generic
postmap /etc/postfix/sasl_passwd
postmap /etc/postfix/generic
  • Create the certificates
mkdir /etc/postfix/certs/
cd /etc/postfix/certs/
openssl dsaparam -out dsaparam.pem 2048
openssl req -x509 -nodes -days 3650 -newkey dsa:dsaparam.pem -out mycert.pem -keyout mykey.pem
  • RESULT:
Generating a DSA private key
writing new private key to 'mykey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CR
State or Province Name (full name) [Some-State]:Alajuela
Locality Name (eg, city) []:Alajuela
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SIUA
Organizational Unit Name (eg, section) []:UGIT
Common Name (e.g. server FQDN or YOUR name) []:UGIT
Email Address []:admin@siua.ac.cr
  • Delete the DSA parameter file
rm dsaparam.pem
  • Apply
ln -s mycert.pem CAcert.pem
openssl req -x509 -new -days 3650 -key /etc/postfix/certs/mykey.pem -out /etc/postfix/certs/mycert.pem
  • RESULT:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CR
State or Province Name (full name) [Some-State]:Alajuela
Locality Name (eg, city) []:Alajuela
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SIUA
Organizational Unit Name (eg, section) []:UGIT
Common Name (e.g. server FQDN or YOUR name) []:UGIT
Email Address []:admin@siua.ac.cr 
  • Reload Postfix
/etc/init.d/postfix reload
  • Check the mail log
sudo tail /var/log/mail.log
  • Once /etc/postfix/sasl_passwd has been created, build a lookup table for Postfix like this:
postmap /etc/postfix/sasl_passwd
  • This creates the file /etc/postfix/sasl_passwd.db. Next, protect both password files, including the one without an extension (which we can delete if we want without any problem, or keep on another machine or under another user, as we prefer). To protect them, make root the only user able to access the files:
chown root:root /etc/postfix/sasl_passwd.db /etc/postfix/sasl_passwd
chmod 0600 /etc/postfix/sasl_passwd.db /etc/postfix/sasl_passwd
  • Finally, configure the relay server by editing /etc/postfix/main.cf, first adding (or verifying) that the relay host is configured, that is, the server through which the mail is actually sent:
  • Open
nano /etc/postfix/main.cf
  • Append at the end
# SMTP relayhost
relayhost = [correo.siua.ac.cr]:465
myhostname=web4.siua.ac.cr


compatibility_level = 2

## TLS Settings
smtp_tls_loglevel = 1
smtp_tls_CAfile = /etc/postfix/certs/CAcert.pem
smtp_tls_cert_file = /etc/postfix/certs/mycert.pem
smtp_tls_key_file = /etc/postfix/certs/mykey.pem
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/certs/CAcert.pem
smtpd_tls_cert_file = /etc/postfix/certs/mycert.pem
smtpd_tls_key_file = /etc/postfix/certs/mykey.pem
smtpd_tls_received_header = yes
smtpd_use_tls = yes
# TLS configuration
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
# internal-to-external address mapping
smtp_generic_maps = hash:/etc/postfix/generic

smtp_tls_security_level = encrypt
smtp_tls_wrappermode = yes
  • It should look like this (Debian)
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = onlyoffice.siua.ac.cr
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = correo.siua.ac.cr, $myhostname, onlyoffice.siua.ac.cr, localhost.siua.ac.cr, localhost
relayhost = correo.siua.ac.cr:25
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = all
#
# Appended at the end
#
# Security configuration for the outgoing server
# Use SASL to authenticate before sending mail
smtp_sasl_auth_enable = yes

# Use the map /etc/postfix/sasl_passwd.db
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Do not allow anonymous authentication methods
smtp_sasl_security_options = noanonymous
# Use the system's root certificate file
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
# Use STARTTLS to send mail
smtp_use_tls = yes
  • Restart Postfix
service postfix restart
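The page shows two relay variants ([correo.siua.ac.cr]:465 with wrapper mode, and correo.siua.ac.cr:25 with STARTTLS) but a single sasl_passwd key. The script below is an added example, not part of the original page, that audits a Postfix directory offline for the mismatches this can cause. Postfix's SASL_README asks for the sasl_passwd key to use the same [host]:port form as relayhost. The function names cf_get and audit_relay are hypothetical, and the sample files and credentials are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): offline audit of a relay setup.

# Print the last value assigned to parameter $2 in the main.cf file $1.
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

# Print one finding per line for the Postfix directory $1; nothing when clean.
audit_relay() {
    cf=$1/main.cf; pw=$1/sasl_passwd
    relay=$(cf_get "$cf" relayhost)
    # The sasl_passwd key must use the same [host]:port form as relayhost.
    awk -v k="$relay" '$1 == k { found = 1 } END { exit !found }' "$pw" ||
        echo "sasl_passwd has no entry keyed exactly as relayhost '$relay'"
    # Port 465 is implicit TLS, so the client needs wrapper mode.
    case $relay in
        *:465) [ "$(cf_get "$cf" smtp_tls_wrappermode)" = yes ] ||
                   echo "relayhost uses port 465 without smtp_tls_wrappermode = yes" ;;
    esac
    # Without an enforcing level TLS is at best opportunistic (smtp_use_tls = yes).
    case $(cf_get "$cf" smtp_tls_security_level) in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) echo "smtp_tls_security_level does not enforce TLS for the SASL login" ;;
    esac
    # The credentials file and its postmap output must be owner-only.
    for f in "$pw" "$pw.db"; do
        [ -e "$f" ] || continue
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
            echo "$f is accessible to group or others"
    done
}

# Constructed sample: port-25 relayhost from the Debian listing combined with
# the port-465 sasl_passwd key; the credentials are placeholders.
demo=$(mktemp -d)
printf '%s\n' 'relayhost = correo.siua.ac.cr:25' 'smtp_use_tls = yes' > "$demo/main.cf"
printf '%s\n' '[correo.siua.ac.cr]:465 user@example.org:PLACEHOLDER' > "$demo/sasl_passwd"
chmod 644 "$demo/sasl_passwd"
audit_relay "$demo"
rm -rf "$demo"
```

On a real host, run audit_relay /etc/postfix as root after postmap; an empty result means none of these checks fired.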