root /root # emerge --unmerge ssmtp
root /root # USE="sasl ssl" emerge postfix
- Edit /etc/postfix/main.cf and locate the 'relayhost' line, add the info below:
relayhost = [smtp.comcast.net]:587
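# These lines are new:
# Note: smtp_use_tls = yes is opportunistic TLS. If the relay does not offer STARTTLS,
# the mail and the SASL login are sent unencrypted (noanonymous still permits plaintext
# mechanisms). smtp_tls_security_level = encrypt makes TLS mandatory and overrides smtp_use_tls.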
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
smtp_tls_key_file = /etc/postfix/FOO-key.pem
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtpd_sasl_local_domain = $myhostname
smtp_sasl_security_options = noanonymous
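- Create your local certificate. The red highlighting is lost in this copy; the required fields are the prompts below that have a value typed after them. 'password123' is only a placeholder, so use a strong pass phrase of your own. If your OpenSSL still generates a 1024 bit key as in this 2008 transcript, raise default_bits in /etc/ssl/openssl.cnf to at least 2048 first: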
root /root # /etc/ssl/misc/CA.pl -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 1024 bit RSA private key
.......++++++
...................++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase: password123
Verifying - Enter PEM pass phrase: password123
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []: MyName
Email Address []: myusername@comcast.net
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
ed:cc:21:e6:4c:6c:28:37
Validity
Not Before: Nov 14 20:00:01 2008 GMT
Not After : Nov 14 20:00:01 2011 GMT
Subject:
countryName = US
stateOrProvinceName = Some-State
organizationName = Internet Widgits Pty Ltd
commonName = mydomain.com
emailAddress = myusername@comcast.net
X509v3 extensions:
X509v3 Subject Key Identifier:
71:D1:1B:B1:2C:D3:D6:C3:28:C9:5D:11:21:A1:14:B3:2A:11:44:A3
X509v3 Authority Key Identifier:
keyid:71:D1:1B:B1:2C:D3:D6:C3:28:C9:5D:11:21:A1:14:B3:2A:11:44:A3
DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=mydomain/emailAddress=myusername@comcast.net
serial:AE:C1:27:A3:2E:4D:81:28
X509v3 Basic Constraints:
CA:TRUE
Certificate is to be certified until Nov 14 20:00:01 2011 GMT (1095 days)
Write out database with 1 new entries
Data Base Updated
root /root # openssl req -new -nodes -subj '/CN=domain.com/O=Name/C=US/ST=State/L=Location/emailAddress=user@comcast.net' -keyout FOO-key.pem -out FOO-req.pem -days 3650
root /root # openssl ca -out FOO-cert.pem -infiles FOO-req.pem
- Copy your cert to the postfix directory:
root /root # cp demoCA/cacert.pem FOO-key.pem FOO-cert.pem /etc/postfix
- Set proper permissions:
root /root # chmod 644 /etc/postfix/FOO-cert.pem /etc/postfix/cacert.pem
root /root # chmod 400 /etc/postfix/FOO-key.pem
- Edit /etc/postfix/saslpass and add the auth information:
# remotehost user:password
[smtp.comcast.net]:587 mycomcastusername:mycomcastpassword
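- Create the password database and set permissions. Note that saslpass.db holds the same user name and password as saslpass, so the 'chmod 644' shown for it below leaves the credentials readable by every local user; mode 600 with root ownership, as on saslpass itself, is the safer choice: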
root /root # cd /etc/postfix/
root /etc/postfix # postmap saslpass
root /etc/postfix # chmod 600 saslpass
root /etc/postfix # chmod 644 saslpass.db
- Reload postfix:
root /etc/postfix # postfix reload
You should be all done. Happy emailing.