Quien no se
ha encontrado que cuando instala un paquete de crm,cms, e-commerce o cualquier
herramienta/portal basado en Linux opensource ha querido tener las
funcionalidades de envío de correo y no se ha visto capaz por varios motivos.
Eso se puede solucionar utilizando el servidor SMTP de Gmail, que no se puede
configurar como un postfix /relay normal, ya que pide conexiones seguras y
certificado. No nos dejemos asustar, el proceso es fácil y lo detallo a
continuación (nota: sobre Ubuntu):
Módulos
necesarios:
Postfix y
libsasl2-2 (instalables con apt-get install paquete )
Pasos:
- Instalación
de libsasl2-2
- sudo apt-get install libsasl2-2
sudo apt-get install libsasl2-modules
- Creación certificados
En raiz con usuario normal
/usr/lib/ssl/misc/CA.pl –newca
Esto creará el certificado, apuntar los
diferentes apartados para después, ejemplo:
Making CA certificate
Generating a 1024 bit RSA private key
writing new private key to ?./demoCA/private/cakey.pem?
Enter PEM pass phrase: password
Verifying ? Enter PEM pass phrase: password
??
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ?.?, the field will be left blank.
??
Country Name (2 letter code) [US]: SP
State or Province Name (full name) []:Castillalamancha
Locality Name (eg, city) []:Albacete
Organization Name (eg, company) []:mycompany
Organizational Unit Name (eg, section) []:GRI
Common Name (eg, YOUR name) []:Miguel
Email Address []:username@gmail.com
Please enter the following “extra” attributes
to be sent with your certificate request
A challenge password []: [blanco a proposito]
An optional company name []:[blanco a proposito]
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem: password
Check that the request matches the signature
Signature ok
- Creación de servidor de certificación
Introducir en una sola línea y con los datos adecuados
:
openssl req -new -nodes –subj '/CN=miguel/O=mycompany/C=SP/ST=Castillalamancha/L=Albacete/emailAddress=username@gmail.com'
-keyout YOURSERVER-key.pem -out YOURSERVER-req.pem -days 3650
- Firmar el certificado
openssl ca -out YOURSERVER-cert.pem -infiles YOURSERVER-req.pem
Using configuration from
/usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem: [blanco a proposito]
Check that the request matches the signature
Signature ok
- Copiar
los certificados a la carpeta de Postfix como root o sudo
# cd /home/youruserid/
# cp demoCA/cacert.pem YOURSERVER-key.pem YOURSERVER-cert.pem /etc/postfix
# chmod 644 /etc/postfix/YOURSERVER-cert.pem /etc/postfix/cacert.pem
# chmod 400 /etc/postfix/YOURSERVER-key.pem
- Modificación
de fichero /etc/postfix/main.cf
## TLS Settings
#
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/YOURSERVER-cert.pem
smtp_tls_key_file = /etc/postfix/YOURSERVER-key.pem
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/YOURSERVER-cert.pem
smtpd_tls_key_file = /etc/postfix/YOURSERVER-key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtp_tls_loglevel = 2
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
#
## SASL Settings
# This is going in to THIS server
smtpd_sasl_auth_enable = no
# We need this
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtpd_sasl_local_domain = $myhostname
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_application_name = smtpd
#Make sure the following lines are also in main.cf
relayhost = [smtp.gmail.com]:587
transport_maps = hash:/etc/postfix/transport
- Creación
del fichero transport en /etc/postfix/
# vi /etc/postfix/transport
# Contents of /etc/postfix/transport
#
# This sends mail to Gmail
gmail.com smtp:[smtp.gmail.com]:587
#
- Crear
el password SALS, poniendo nuestros datos de la cuenta gmail (crear una generica)
# cd /etc/postfix/sasl
# vi /etc/postfix/sasl/sasl_passwd
#contents of sasl_passwd
#
gmail-smtp.l.google.com youruser@gmail.com:password
smtp.gmail.com youruser@gmail.com:password
- Hashear
los siguiente ficheros (los convertirá a .db)
# postmap /etc/postfix/sasl/sasl_passwd && postmap
/etc/postfix/transport
- Reiniciar postfix y comprobar
# /etc/init.d/postfix restart
Instalar mailutils
# which mails
# apt-get install mailutils
# which mailx
# echo "testing" |mailx -s "testing" youruser@gmail.com
Los errores se pueden ver en:
# tail -f /var/log/mail.log