[3] Comment posted by removed on 27/10/2010 - 16:26h
Hello,
I followed all the steps and it didn't work :-( ..... what could I have done wrong? ...
/usr/lib/ssl/misc/CA.pl -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 1024 bit RSA private key
...............................++++++
.++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:Santa Catarina
Locality Name (eg, city) []:Santa Catarina
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company X
Organizational Unit Name (eg, section) []:Student
Common Name (eg, YOUR name) []:Jurandir
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234567
An optional company name []:1234567
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:1234567
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
f4:7a:17:78:77:6a:1d:c2
Validity
Not Before: Oct 27 19:57:53 2010 GMT
Not After : Oct 26 19:57:53 2013 GMT
Subject:
countryName = BR
stateOrProvinceName = Santa Catarina
organizationName = Company X
organizationalUnitName = Student
commonName = Jurandir
emailAddress = [email protected]
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:00:11:E4:BE:98:7F:D8:6F:89:15:AD:7F:A7:8F:32:1B:B2:75:FA
X509v3 Authority Key Identifier:
keyid:D4:00:11:E4:BE:98:7F:D8:6F:89:15:AD:7F:A7:8F:32:1B:B2:75:FA
DirName:/C=BR/ST=Santa Catarina/O=Company X/OU=Student/CN=Jurandir/[email protected]
serial:F4:7A:17:78:77:6A:1D:C2
X509v3 Basic Constraints:
CA:TRUE
Certificate is to be certified until Oct 26 19:57:53 2013 GMT (1095 days)
Write out database with 1 new entries
openssl req -new -nodes -subj '/CN= Company X/O=Apelido EMPRESA/C=BR/ST= Santa Catarina/L= Santa Catarina/[email protected]' -keyout SERVER-key.pem -out SERVER-req.pem -days 3650
Generating a 1024 bit RSA private key
................++++++
.................++++++
writing new private key to 'SERVER-key.pem'
-----
openssl ca -out SERVER-cert.pem -infiles SERVER-req.pem
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
The stateOrProvinceName field needed to be the same in the
CA certificate (Santa Catarina) and the request ( Santa Catarina)
cp demoCA/cacert.pem SERVER-key.pem SERVER-cert.pem /etc/postfix
chmod 644 /etc/postfix/SERVER-cert.pem /etc/postfix/cacert.pem
chmod 400 /etc/postfix/SERVER-key.pem
cat > main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# change to your hostname
myhostname = servnet2.localhost # ( ??????? = gmail.com )
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases.db
myorigin = /etc/mailname
# do not use your domain name on a relay server
mydestination = servnet1.localhost, localhost.localdomain, localhost
relayhost =
transport_maps = hash:/etc/postfix/transport
# set the IP range used on your network
mynetworks = 127.0.0.0/8 192.168.1.20/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
## TLS Settings
#
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/SERVER-cert.pem
smtp_tls_key_file = /etc/postfix/SERVER-key.pem
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/SERVER-cert.pem
smtpd_tls_key_file = /etc/postfix/SERVER-key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
#
## SASL Settings
#This is going in to THIS server
smtpd_sasl_auth_enable = no
# I used this option so that postfix does not ask my system for a password!!!
smtp_auth_enable = no
# We need this
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_local_domain = $myhostname
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_application_name = smtpd
inet_protocols = ipv4
/etc/postfix# cat > /etc/postfix/transport
#
# Relay e-mail to Gmail
* smtp:[smtp.gmail.com]:587
/etc/postfix# cat > sasl_passwd
# If you use Gmail
#[smtp.gmail.com]:587 [email protected]:senha
#
# If you have your domain on Google Apps
[smtp.gmail.com]:587 [email protected]:1234567=
[email protected]:/etc/postfix# touch generic
[email protected]:/etc/postfix# postmap /etc/postfix/sasl_passwd;postmap /etc/postfix/generic
Cleaning up the leftovers and on to the test! :)
cd
rm SERVER-req.pem SERVER-cert.pem SERVER-key.pem && rm -r demoCA/
echo "Test SMTP Relay" | mailx -s "Test 123" [email protected]
telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.
quit
+OK Better luck next time.
Connection closed by foreign host.
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 servnet2.localhost ESMTP Postfix (Debian/GNU)
quit
221 2.0.0 Bye
Connection closed by foreign host.
tail -f /var/log/mail.log
Oct 27 17:14:30 debian postfix/master[22629]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling
Oct 27 17:15:30 debian postfix/trivial-rewrite[23440]: fatal: open database /etc/postfix/transport.db: No such file or directory
Oct 27 17:15:31 debian postfix/master[22629]: warning: process /usr/lib/postfix/trivial-rewrite pid 23440 exit status 1
Oct 27 17:15:31 debian postfix/master[22629]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling
Oct 27 17:16:31 debian postfix/trivial-rewrite[23442]: fatal: open database /etc/postfix/transport.db: No such file or directory
Oct 27 17:16:32 debian postfix/master[22629]: warning: process /usr/lib/postfix/trivial-rewrite pid 23442 exit status 1
Oct 27 17:16:32 debian postfix/master[22629]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling
Oct 27 17:17:32 debian postfix/trivial-rewrite[23446]: fatal: open database /etc/postfix/transport.db: No such file or directory
Oct 27 17:17:33 debian postfix/master[22629]: warning: process /usr/lib/postfix/trivial-rewrite pid 23446 exit status 1
Oct 27 17:17:33 debian postfix/master[22629]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling
Checking the mail in the queue and delivery:
postqueue -p or
mailq
It does not come with any log proving that this works...
I don't even waste my time on articles like this. There are a lot of bbc posing as nerds submitting junk like this.
I take the opportunity to suggest that VOL publish only articles that come with some documentation proving that they work; that way, they avoid storing junk on their servers.
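
An added example, not part of the comment above or of the original article: the `trivial-rewrite` fatal in the log names `/etc/postfix/transport.db`, the compiled file that `postmap` writes for a `hash:` table, while the session only ran `postmap` on `sasl_passwd` and `generic`. The sketch below lists every `hash:` table referenced in a `main.cf` whose `.db` file is missing; the function names and the temporary sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# List hash: lookup tables referenced in a Postfix main.cf whose compiled
# <path>.db file does not exist (postmap/postalias create that file).
# missing_hash_dbs is a hypothetical helper name, not a Postfix tool.
missing_hash_dbs() {
    conf=$1
    root=${2:-}            # optional prefix so the check can run on a copy
    # Drop comment lines, then pull out every hash:/path token.
    grep -v '^[[:space:]]*#' "$conf" |
        grep -o 'hash:[^,[:space:]]*' |
        sort -u |
        while IFS= read -r ref; do
            path=${ref#hash:}
            [ -e "$root$path.db" ] || printf '%s\n' "$path"
        done
}

# Constructed sample: a throwaway tree mirroring two tables from the comment.
demo_missing_hash_dbs() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/etc/postfix"
    cat > "$tmp/main.cf" <<'EOF'
# transport_maps = hash:/etc/postfix/ignored
transport_maps = hash:/etc/postfix/transport
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
EOF
    # Only sasl_passwd has been compiled; transport exists as source text only.
    : > "$tmp/etc/postfix/sasl_passwd.db"
    : > "$tmp/etc/postfix/transport"
    missing_hash_dbs "$tmp/main.cf" "$tmp"
    rm -rf "$tmp"
}

demo_missing_hash_dbs
```

On a live system the call would be `missing_hash_dbs /etc/postfix/main.cf`; each path it prints needs `postmap <path>` before Postfix can open the table.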