Complete solution with sendmail (second edition)
Almost 2 years after writing the first version of this article, the time has come to rewrite it with additional and updated information. Its features include support for SMTP TLS and POP SSL (encrypted), antivirus, antispam, SMTP authentication and a user quota system.
Part 5: Sendmail
Checking the installation:
# /usr/sbin/sendmail -d0.1 -bv root
If the output contains the words MILTER, SASLv2 and STARTTLS, everything is OK. Otherwise, review the previous steps or get in touch with me.
Creating the sendmail.mc:
# cd /usr/share/sendmail/cf/cf
# touch sendmail.mc
Once the sendmail.mc has been created, put the content below in it.
include(`../m4/cf.m4')
VERSIONID(`TLS supporting setup for Slackware Linux')
OSTYPE(linux)dnl
define(`confCACERT_PATH', `/etc/mail/certs/')dnl
define(`confCACERT', `/etc/mail/certs/smtp.cert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/smtp.cert.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/smtp.key.pem')dnl
define(`confDEF_CHAR_SET', `iso-8859-1')dnl
define(`confMAX_MESSAGE_SIZE', `7168000')dnl
define(`confMAX_DAEMON_CHILDREN', `30')dnl
define(`confCONNECTION_RATE_THROTTLE', `2')dnl
define(`confMAXRCPTSPERMESSAGE', `50')dnl
define(`confSINGLE_LINE_FROM_HEADER', `True')dnl
define(`confSMTP_LOGIN_MSG', `$j')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`confTO_INITIAL', `6m')dnl
define(`confTO_CONNECT', `20s')dnl
define(`confTO_HELO', `5m')dnl
define(`confTO_HOSTSTATUS', `2m')dnl
define(`confTO_DATAINIT', `6m')dnl
define(`confTO_DATABLOCK', `35m')dnl
define(`confTO_DATAFINAL', `35m')dnl
define(`confDIAL_DELAY', `20s')dnl
define(`confNO_RCPT_ACTION', `add-apparently-to')dnl
define(`confTO_IDENT', `0')dnl
define(`confALIAS_WAIT', `0')dnl
define(`confMAX_HOP', `35')dnl
define(`confQUEUE_LA', `5')dnl
define(`confREFUSE_LA', `12')dnl
define(`confSEPARATE_PROC', `False')dnl
define(`confCON_EXPENSIVE', `true')dnl
define(`confWORK_RECIPIENT_FACTOR', `1000')dnl
define(`confWORK_TIME_FACTOR', `3000')dnl
define(`confQUEUE_SORT_ORDER', `Time')dnl
define(`confPRIVACY_FLAGS', `authwarnings,goaway,restrictmailq,restrictqrun,needmailhelo')dnl
FEATURE(`delay_checks')dnl
FEATURE(`generics_entire_domain')dnl
FEATURE(`local_procmail')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`nouucp',`reject')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`enhdnsbl', `relays.ordb.org', `', `t', `127.0.0.2')dnl
FEATURE(`enhdnsbl', `sbl-xbl.spamhaus.org', `', `t', `127.0.0.2-6')dnl
FEATURE(`dnsbl',`blackholes.mail-abuse.org',`')dnl
FEATURE(`dnsbl',`relays.mail-abuse.org',`')dnl
FEATURE(`dnsbl',`dialups.mail-abuse.org',`')dnl
FEATURE(`dnsbl',`bl.spamcop.net', `')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`lookupdotdomain')dnl
FEATURE(`no_default_msa')dnl
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/milter.sock,F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
define(`confAUTH_OPTIONS', `A p y')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=MSA-SSL, M=s')dnl
Generating the sendmail.cf:
# m4 sendmail.mc > /etc/mail/sendmail.cf
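An added example, not part of the original article: a shell lint for the AUTH and TLS defines in the sendmail.mc above, meant to be run before m4. It checks that when LOGIN or PLAIN are offered, confAUTH_OPTIONS contains p (sendmail then permits those mechanisms only when a security layer such as TLS is active) and that a server certificate and key are defined. The function names and the constructed sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint the AUTH/TLS settings of a sendmail.mc before running m4.

# Print the value of define(`NAME', `VALUE') from an mc file (last define wins).
mc_value() {
    sed -n "s/^define(\`$1', *\`\([^']*\)').*/\1/p" "$2" | tail -n 1
}

# True when both a server certificate and a server key are defined.
tls_configured() {
    [ -n "$(mc_value confSERVER_CERT "$1")" ] && [ -n "$(mc_value confSERVER_KEY "$1")" ]
}

# True when PLAIN/LOGIN are not offered, or are offered together with the
# AuthOptions letter p (no plaintext mechanisms without a security layer).
auth_plaintext_guarded() {
    mechs=$(mc_value confAUTH_MECHANISMS "$1")
    opts=$(mc_value confAUTH_OPTIONS "$1" | tr ',' ' ')
    case " $mechs " in
        *" PLAIN "*|*" LOGIN "*) ;;   # a plaintext mechanism is offered
        *) return 0 ;;                # nothing to guard
    esac
    case " $opts " in
        *" p "*) return 0 ;;
        *) return 1 ;;
    esac
}

# One-line verdict for an mc file.
lint_mc() {
    if ! auth_plaintext_guarded "$1"; then
        echo "WARN: PLAIN/LOGIN offered without AuthOptions p (password sent over cleartext SMTP)"
    elif ! tls_configured "$1"; then
        echo "WARN: no confSERVER_CERT/confSERVER_KEY defined, STARTTLS unavailable"
    else
        echo "OK: plaintext AUTH mechanisms require an active security layer"
    fi
}

# Constructed sample input: the article's defines, and a weakened copy without p.
good=$(mktemp) weak=$(mktemp)
trap 'rm -f "$good" "$weak"' EXIT
cat > "$good" <<'EOF'
define(`confSERVER_CERT', `/etc/mail/certs/smtp.cert.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/smtp.key.pem')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
EOF
sed "s/\`A p y'/\`A y'/" "$good" > "$weak"
lint_mc "$good"; lint_mc "$weak"
```

To check the real file, call lint_mc /usr/share/sendmail/cf/cf/sendmail.mc.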
Creating the certificates:
# cd /etc/mail/certs
# openssl req -new -x509 -keyout CA.smtp.key.pem -out CA.smtp.cert.pem -days 365
Generating a 1024 bit RSA private key
............................................++++++
.......................................................................++++++
writing new private key to 'CA.smtp.key.pem'
Enter PEM pass phrase:1234
Verifying - Enter PEM pass phrase:1234
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:rio-de-janeiro
Locality Name (eg, city) []:niteroi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:solar
Organizational Unit Name (eg, section) []:tec
Common Name (eg, YOUR name) []:jpfaria.com
Email Address []:jpfaria@jpfaria.com
# openssl req -nodes -new -x509 -keyout smtp.key.pem -out smtp.cert.pem -days 365
Generating a 1024 bit RSA private key
..............................++++++
...................++++++
writing new private key to 'smtp.key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:rio-de-janeiro
Locality Name (eg, city) []:niteroi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:solar
Organizational Unit Name (eg, section) []:tec
Common Name (eg, YOUR name) []:jpfaria.com
Email Address []:jpfaria@jpfaria.com
Testing your certificate:
# openssl x509 -noout -text -in smtp.cert.pem
Setting permissions on the certificates:
# chmod 600 /etc/mail/certs -R
The files used to enable quota on Slackware have changed!
# touch /aquota.user
# touch /aquota.group
# chmod 600 /aquota.user
# chmod 600 /aquota.group