October 10, 2012

Configuring postfix as a smarthost

Let's configure the postfix service to act as a smarthost so that we can send mail from the terminal. In this example I will use my Gmail account. Keep in mind that this howto is for SSL connections, which normally use SMTP port 465.
Install the necessary packages
[user@host ~]# yum install postfix stunnel -y
Preparing stunnel
[user@host ~]# openssl genrsa -out privkey.pem 2048
[user@host ~]# openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
[user@host ~]# cat privkey.pem cacert.pem > /etc/stunnel/stunnel.pem
[user@host ~]# chmod 0400 /etc/stunnel/stunnel.pem
[user@host ~]# mkdir /var/run/stunnel
[user@host ~]# chown nobody:nobody /var/run/stunnel
Applying the configuration parameters
[user@host ~]# vim /etc/stunnel/stunnel.conf 
cert = /etc/stunnel/stunnel.pem
chroot = /var/run/stunnel/
pid = /stunnel.pid
setuid = nobody
setgid = nobody

[smtp-tls-wrapper]
accept = 11125
client = yes
connect = smtp.gmail.com:465

Starting stunnel at system boot
[user@host ~]# vim /etc/rc.local
# Add the following line for stunnel
/usr/bin/stunnel
Testing stunnel (try a local connection and check that it goes through our tunnel)
[user@host ~]# stunnel
[user@host ~]# telnet localhost 11125
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mx.google.com ESMTP y66sm40234408yhi.10
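
The telnet test above confirms that the tunnel reaches Gmail, not that stunnel verified Gmail's certificate: the stunnel.conf on this page sets no verify or CAfile option, so the client side accepts any certificate it is offered. The following is an added example, not part of the original post; it audits an stunnel.conf for that gap, and the function name audit_stunnel_conf, the sample files, the loopback-only accept line and the reuse of /etc/postfix/ssl/cacert.pem as the stunnel CAfile are assumptions.

```shell
# Added example: flag stunnel client services that never verify the remote certificate.
# Prints one line per client-mode service: "<name> OK" or "<name> NO_PEER_VERIFICATION".
audit_stunnel_conf() {
    awk '
        function trim(x) { gsub(/^[ \t]+|[ \t]+$/, "", x); return x }
        # Service-level value if set, otherwise the default from the global section.
        function opt(k) { return (k in s) ? s[k] : g[k] }
        function report() {
            if (svc == "" || tolower(opt("client")) != "yes") return
            chain = (opt("verify") + 0 >= 2) || (tolower(opt("verifychain")) == "yes")
            anchor = (opt("cafile") != "") || (opt("capath") != "")
            print svc, ((chain && anchor) ? "OK" : "NO_PEER_VERIFICATION")
        }
        /^[ \t]*([;#]|$)/ { next }              # comments and blank lines
        /^[ \t]*\[/ {                           # start of a [service] section
            report()
            svc = $0; sub(/^[ \t]*\[/, "", svc); sub(/\].*$/, "", svc)
            split("", s)                        # clear per-service options
            next
        }
        {
            i = index($0, "=")
            if (i == 0) next
            k = tolower(trim(substr($0, 1, i - 1)))
            if (svc == "") g[k] = trim(substr($0, i + 1))
            else s[k] = trim(substr($0, i + 1))
        }
        END { report() }
    ' "$1"
}

# Constructed sample input: the service section from this page, then the same
# section with chain verification against the CA bundle built later on the page.
samples=$(mktemp -d)
cat > "$samples/page.conf" <<'EOF'
[smtp-tls-wrapper]
accept = 11125
client = yes
connect = smtp.gmail.com:465
EOF
cat > "$samples/verified.conf" <<'EOF'
[smtp-tls-wrapper]
accept = 127.0.0.1:11125
client = yes
connect = smtp.gmail.com:465
verify = 2
CAfile = /etc/postfix/ssl/cacert.pem
EOF
audit_stunnel_conf "$samples/page.conf"      # smtp-tls-wrapper NO_PEER_VERIFICATION
audit_stunnel_conf "$samples/verified.conf"  # smtp-tls-wrapper OK
```

verify = 2 checks the certificate chain only; newer stunnel releases also provide verifyChain = yes and checkHost = smtp.gmail.com, which check the host name as well.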
More configuration
[user@host ~]# vim /etc/hosts.allow
smtp-tls-wrapper: 127.0.0.1
[user@host ~]# vim /etc/postfix/relay_passwd
[127.0.0.1]:11125    user@gmail.com:miPassWord 
[user@host ~]# postmap hash:/etc/postfix/relay_passwd
Create the Gmail certificates (copy, paste)
[user@host ~]# vim Thawte_Premium_Server_CA.pem
[user@host ~]# vim Equifax_Secure_CA.pem
[user@host ~]# mkdir /etc/postfix/ssl
[user@host ~]# touch /etc/postfix/ssl/cacert.pem
[user@host ~]# cat Equifax_Secure_CA.pem > /etc/postfix/ssl/cacert.pem
[user@host ~]# cat Thawte_Premium_Server_CA.pem >> /etc/postfix/ssl/cacert.pem
Configuring postfix
[user@host ~]# vim /etc/postfix/main.cf
inet_protocols = ipv4
relayhost = [127.0.0.1]:11125
### SASL
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
### TLS
smtp_use_tls = yes
smtp_sasl_mechanism_filter = plain, login
smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_CApath = /etc/postfix/ssl
smtp_sasl_tls_security_options = noanonymous
smtp_tls_session_cache_timeout = 3600s
Configuring the services:
[user@host ~]# systemctl stop sendmail.service
[user@host ~]# systemctl disable sendmail.service
[user@host ~]# alternatives --config mta
There are 2 programs which provide 'mta'.
      Selection    Command
    -----------------------------------------------
    *+ 1           /usr/sbin/sendmail.sendmail
       2           /usr/sbin/sendmail.postfix

Enter to keep the current selection[+], or type selection number: 2 
[user@host ~]# systemctl start postfix.service
[user@host ~]# chkconfig postfix on
Testing everything
[user@host ~]# mail -s test prueba@correo.com.mx < /dev/null
Null message body; hope that's ok
[user@host ~]# tail -f /var/log/maillog
Jul 25 23:43:09 darkside postfix/qmgr[3437]: 1CB75655F0: from=, size=460, nrcpt=1 (queue active)
Jul 25 23:43:12 darkside postfix/smtp[3530]: 1CB75655F0: to=, relay=127.0.0.1[127.0.0.1]:11125, delay=3.5, delays=0.13/0.09/1.1/2.1, dsn=2.0.0, status=sent (250 2.0.0 OK 1343277788 x52sm948788yhi.8)
Jul 25 23:43:12 darkside postfix/qmgr[3437]: 1CB75655F0: removed prueba root

Note: I have also tested this configuration on CentOS 6.2, except that there the services are configured through chkconfig.
