server:~# dpkg-reconfigure postfix
Note: this reconfigures the server and gives you the option of adding new configuration settings.

This is the output the system shows when you install Postfix:

server:~# aptitude install postfix
Leyendo lista de paquetes... Hecho
Creando árbol de dependencias
Leyendo la información de estado... Hecho
Leyendo la información de estado extendido
Inicializando el estado de los paquetes... Hecho
Leyendo las descripciones de las tareas... Hecho
Los siguientes paquetes están ROTOS:
  exim4 exim4-config
Se instalarán los siguiente paquetes NUEVOS:
  postfix
Se ELIMINARÁN los siguientes paquetes:
  exim4-daemon-light{a}
0 paquetes actualizados, 1 nuevos instalados, 1 para eliminar y 0 sin actualizar.
Necesito descargar 0B/1224kB de ficheros. Después de desempaquetar se usarán 1888kB.
No se satisfacen las dependencias de los siguientes paquetes:
  exim4-config: Entra en conflicto: postfix pero se va a instalar 2.5.5-1.1.
  exim4: Depende: exim4-daemon-light pero no es instalable o
         exim4-daemon-heavy pero no es instalable o
         exim4-daemon-custom que es un paquete virtual.
Las acciones siguientes resolverán estas dependencias
Eliminar los paquetes siguientes:
exim4 exim4-base exim4-config
La puntuación es 251
¿Acepta esta solución? [Y/n/q/?] Y
Se instalarán los siguiente paquetes NUEVOS:
  postfix
Se ELIMINARÁN los siguientes paquetes:
  exim4{a} exim4-base{a} exim4-config{a} exim4-daemon-light{a}
0 paquetes actualizados, 1 nuevos instalados, 4 para eliminar y 0 sin actualizar.
Necesito descargar 0B/1224kB de ficheros. Después de desempaquetar se liberarán 1008kB.
¿Quiere continuar? [Y/n/?] Y
Escribiendo información de estado extendido... Hecho
Preconfigurando paquetes ...
(Leyendo la base de datos ... 61987 ficheros y directorios instalados actualmente.)
Desinstalando exim4 ...
dpkg: exim4-base: problemas de dependencias, pero se desinstalará de todas formas tal y como se solicitó:
 exim4-daemon-light depende de exim4-base (>= 4.69).
Desinstalando exim4-base ...
Stopping MTA: exim4_listener.
Desinstalando exim4-config ...
dpkg: exim4-daemon-light: problemas de dependencias, pero se desinstalará de todas formas tal y como se solicitó:
 bsd-mailx depende de exim4 | mail-transport-agent; sin embargo:
  El paquete `exim4' no está instalado.
  El paquete `mail-transport-agent' no está instalado.
  El paquete `exim4-daemon-light' provee `mail-transport-agent' pero va a ser desinstalado.
 at depende de exim4 | mail-transport-agent; sin embargo:
  El paquete `exim4' no está instalado.
  El paquete `mail-transport-agent' no está instalado.
  El paquete `exim4-daemon-light' provee `mail-transport-agent' pero va a ser desinstalado.
Desinstalando exim4-daemon-light ...
Stopping MTA:/sbin/start-stop-daemon: warning: failed to kill 2400: No such process
exim4_listener.
Procesando disparadores para man-db ...
Seleccionando el paquete postfix previamente no seleccionado.
(Leyendo la base de datos ... 61851 ficheros y directorios instalados actualmente.)
Desempaquetando postfix (de .../postfix_2.5.5-1.1_i386.deb) ...
Procesando disparadores para man-db ...
Configurando postfix (2.5.5-1.1) ...
Añadiendo el grupo `postfix' (GID 114) ...
Hecho.
Añadiendo el usuario del sistema `postfix' (UID 108) ...
Añadiendo un nuevo usuario `postfix' (UID 108) con grupo `postfix' ...
No se crea el directorio personal `/var/spool/postfix'.
Creating /etc/postfix/dynamicmaps.cf
Adding tcp map entry to /etc/postfix/dynamicmaps.cf
Añadiendo el grupo `postdrop' (GID 115) ...
Hecho.
setting myhostname: server.crim.lcc.dc
setting alias maps
setting alias database
setting myorigin
setting destinations: server.crim.lcc.dc, localhost.crim.lcc.dc, , localhost
setting relayhost:
setting mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
setting mailbox_command
setting mailbox_size_limit: 0
setting recipient_delimiter: +
setting inet_interfaces: all

Postfix is now set up with a default configuration. If you need to make changes, edit
/etc/postfix/main.cf (and others) as needed. To view Postfix configuration values, see postconf(1).

After modifying main.cf, be sure to run '/etc/init.d/postfix reload'.

Running newaliases
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
Leyendo lista de paquetes... Hecho
Creando árbol de dependencias
Leyendo la información de estado... Hecho
Leyendo la información de estado extendido
Inicializando el estado de los paquetes... Hecho
Escribiendo información de estado extendido... Hecho
Leyendo las descripciones de las tareas... Hecho

server:~# nano /etc/postfix/main.cf
home_mailbox = Maildir/
myhostname = alfa.crim.lcc.dc
mydomain = crim.lcc.dc
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = alfa.crim.lcc.dc, alfa, localhost.localdomain, localhost, crim.lcc.dc
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
transport_maps = hash:/etc/postfix/transport
mail_spool_directory = /var/spool/mail/

root@alfa:~# nano /etc/postfix/transport
crim.lcc.dc local:
alfa.crim.lcc.dc local:
mail.crim.lcc.dc local:

root@alfa:~# postmap hash:/etc/postfix/transport

SASL support

server:~# aptitude install sasl2-bin libsasl2-modules libsasl2-2

server:~# nano /etc/default/saslauthd
START=yes
MECHANISMS="pam"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

server:~# nano /etc/postfix/main.cf
# SASL support configuration
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
broken_sasl_auth_clients = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous

server:~# nano /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
saslauthd_path: /var/run/saslauthd/mux

server:~# rm -r /var/run/saslauthd/
server:~# ln -s /var/spool/postfix/var/run/saslauthd /var/run
server:~# chgrp sasl /var/spool/postfix/var/run/saslauthd
server:~# adduser postfix sasl
server:~# /etc/init.d/postfix restart

Configuring Postfix with TLS support

1.
root@alfa:~# cd /etc/ssl/
root@alfa:/etc/ssl# mkdir ca
root@alfa:/etc/ssl# cd ca
root@alfa:/etc/ssl/ca# /usr/lib/ssl/misc/CA.pl -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
.............++++++
..++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CU
State or Province Name (full name) [Some-State]:CH
Locality Name (eg, city) []:La Habana
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Criminalistica
Organizational Unit Name (eg, section) []:LCC
Common Name (eg, YOUR name) []:ROOT_CA
Email Address []:islay@crim.lcc.dc

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:victoria50
An optional company name []:
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
    Serial Number: ee:ff:51:f9:da:8c:5b:5f
    Validity
        Not Before: Feb 7 15:15:46 2011 GMT
        Not After : Feb 6 15:15:46 2014 GMT
    Subject:
        countryName = CU
        stateOrProvinceName = CH
        organizationName = Criminalistica
        organizationalUnitName = LCC
        commonName = ROOT_CA
        emailAddress = islay@crim.lcc.dc
    X509v3 extensions:
        X509v3 Subject Key Identifier:
            34:AA:5F:E4:E6:1F:88:1D:43:B2:F3:5E:A2:A3:C4:0D:9B:54:ED:DB
        X509v3 Authority Key Identifier:
            keyid:34:AA:5F:E4:E6:1F:88:1D:43:B2:F3:5E:A2:A3:C4:0D:9B:54:ED:DB
            DirName:/C=CU/ST=CH/O=Criminalistica/OU=LCC/CN=ROOT_CA/emailAddress=islay@crim.lcc.dc
            serial:EE:FF:51:F9:DA:8C:5B:5F
        X509v3 Basic Constraints:
            CA:TRUE
Certificate is to be certified until Feb 6 15:15:46 2014 GMT (1095 days)

Write out database with 1 new entries
Data Base Updated
root@alfa:/etc/ssl/ca#

2.
root@alfa:/etc/ssl/ca# /usr/lib/ssl/misc/CA.pl -newreq
Generating a 1024 bit RSA private key
........++++++
..................++++++
writing new private key to 'newkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CU
State or Province Name (full name) [Some-State]:CH
Locality Name (eg, city) []:La Habana
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Criminalistica
Organizational Unit Name (eg, section) []:LCC
Common Name (eg, YOUR name) []:alfa.crim.lcc.dc
Email Address []:islay@crim.lcc.dc

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Request is in newreq.pem, private key is in newkey.pem
root@alfa:/etc/ssl/ca#

3.
root@alfa:/etc/ssl/ca# /usr/lib/ssl/misc/CA.pl -signreq
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
    Serial Number: ee:ff:51:f9:da:8c:5b:60
    Validity
        Not Before: Feb 7 15:18:11 2011 GMT
        Not After : Feb 7 15:18:11 2012 GMT
    Subject:
        countryName = CU
        stateOrProvinceName = CH
        localityName = La Habana
        organizationName = Criminalistica
        organizationalUnitName = LCC
        commonName = alfa.crim.lcc.dc
        emailAddress = islay@crim.lcc.dc
    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        Netscape Comment:
            OpenSSL Generated Certificate
        X509v3 Subject Key Identifier:
            01:67:42:FB:F1:2A:42:C1:C1:05:3B:DA:A4:93:03:DE:A8:29:E8:1C
        X509v3 Authority Key Identifier:
            keyid:34:AA:5F:E4:E6:1F:88:1D:43:B2:F3:5E:A2:A3:C4:0D:9B:54:ED:DB
Certificate is to be certified until Feb 7 15:18:11 2012 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Signed certificate is in newcert.pem
root@alfa:/etc/ssl/ca#

4.
# newkey.pem (from step 2) holds the passphrase-protected private key;
# this writes an unencrypted copy to clearkey.pem
root@alfa:/etc/ssl/ca# openssl rsa < newkey.pem > clearkey.pem

5. Create a folder named tls in /etc/postfix/ for the TLS files and copy into it the Certificate Authority certificate, found in /etc/ssl/ca/demoCA/ under the name cacert.pem, and the server certificate and key, found in /etc/ssl/ca/ under the names newcert.pem and clearkey.pem. Rename newcert.pem to smtpdcert.pem and clearkey.pem to smtpdkey.pem.

root@alfa:~# chown postfix:postfix /etc/postfix/tls/cacert.pem
root@alfa:~# chown postfix:postfix /etc/postfix/tls/smtpdcert.pem
root@alfa:~# chown postfix:postfix /etc/postfix/tls/smtpdkey.pem
root@alfa:~# chmod 600 /etc/postfix/tls/smtpdkey.pem

root@alfa:~# nano /etc/postfix/main.cf
# TLS configuration
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/tls/smtpdkey.pem
smtpd_tls_cert_file = /etc/postfix/tls/smtpdcert.pem
smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Check that the server is offering the configured authentication mechanisms and TLS.
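
One way to carry out that final check, as an added example that is not part of the original document: it reads the server's EHLO reply before and after STARTTLS and reports whether TLS is offered and whether the PLAIN/LOGIN mechanisms from smtpd.conf are advertised on the unencrypted connection, which is what smtpd_tls_auth_only = no allows. The function names parse_ehlo, findings and probe are hypothetical, and SAMPLE_EHLO is a constructed reply, not captured output.

```python
import smtplib

# Constructed sample (not captured from a real host): the kind of EHLO reply a
# server configured as above could return on port 25 before STARTTLS.
SAMPLE_EHLO = """alfa.crim.lcc.dc
PIPELINING
SIZE 10240000
STARTTLS
AUTH PLAIN LOGIN
AUTH=PLAIN LOGIN
ENHANCEDSTATUSCODES
8BITMIME"""

CLEARTEXT = {"PLAIN", "LOGIN"}  # the mech_list set in smtpd.conf on this page

def parse_ehlo(text):
    """Return (starttls_offered, auth_mechanisms) from an EHLO reply body."""
    starttls, mechs = False, set()
    for line in text.splitlines()[1:]:  # first line is the server's hostname
        # "AUTH=..." is the legacy form enabled by broken_sasl_auth_clients
        words = line.strip().upper().replace("AUTH=", "AUTH ", 1).split()
        if words[:1] == ["STARTTLS"]:
            starttls = True
        elif words[:1] == ["AUTH"]:
            mechs.update(words[1:])
    return starttls, mechs

def findings(pre_tls, post_tls=None):
    """Compare capabilities before and after STARTTLS; return issue strings."""
    issues = []
    starttls, pre_mechs = parse_ehlo(pre_tls)
    if not starttls:
        issues.append("STARTTLS not offered")
    exposed = sorted(pre_mechs & CLEARTEXT)
    if exposed:  # consequence of smtpd_tls_auth_only = no
        issues.append("AUTH " + "/".join(exposed) + " offered before STARTTLS")
    if post_tls is not None and not parse_ehlo(post_tls)[1]:
        issues.append("no AUTH mechanisms offered after STARTTLS")
    return issues

def probe(host, port=25):
    """Live check: EHLO, STARTTLS, EHLO again. Needs network access to host."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        pre, post = s.ehlo_resp.decode("ascii", "replace"), None
        if s.has_extn("starttls"):
            s.starttls()  # smtplib's default context does not validate the cert
            s.ehlo()
            post = s.ehlo_resp.decode("ascii", "replace")
    return findings(pre, post)

if __name__ == "__main__":
    print(findings(SAMPLE_EHLO))
```

Run probe("alfa.crim.lcc.dc") from a host that can reach the server; an empty list means STARTTLS is offered and AUTH appears only after the TLS handshake.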