2008年4月25日 星期五

Ubuntu 8.04長期支援版釋出

大家期待已久的8.04版終於出來了
這一次的版本確定會支援2年以上的更新喔
大家快去下載來玩玩吧

Ubuntu 8.04 下載網頁

2008年4月9日 星期三

postfix 利用 gmail 來送信

這一篇很久以前就想寫了
但是因為太懶了 所以直到今天才寫

而這一篇的教學可以實用在哪呢
當然就是當公司的 domain 被當成垃圾信
就可以利用 "gmail.com" 這 domain 來寄信嚕

不多說了 以下就是教學摟~~

第一步驟:

先要安裝 openssl
因為我是使用 fedora
指令用的是 yum
#yum install openssl

如果是 opensuse 可以用 smart 或 yast

安裝完後把 CA 認證移除

#rm -rf /etc/pki/CA

再編輯 openssl.cnf

#vi /etc/pki/tls/openssl.snf

..
..
dir = ../../CA
..
..

改成絕對路徑 /etc/pki/CA

再來產生新 CA 憑證

#/etc/pki/tls/misc/CA -newca


CA certificate filename (or enter to create)
(enter)
Making CA certificate ...
Generating a 1024 bit RSA private key
...................++++++
.........................................................................++++++
writing new private key to '../../CA/private/./cakey.pem'
Enter PEM pass phrase: (輸入密碼)
Verifying - Enter PEM pass phrase: (輸入密碼)
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:TW
State or Province Name (full name) [Berkshire]:Taiwan
Locality Name (eg, city) [Newbury]:Taipei
Organization Name (eg, company) [My Company Ltd]: ssorc
Organizational Unit Name (eg, section) []: (可空白)
Common Name (eg, your name or your server's hostname) []:ssorc.idv.tw
Email Address []:cross@ssorc.idv.tw
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (enter)
An optional company name []: (enter)
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for ../../CA/private/./cakey.pem: (輸入密碼)
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 0 (0x0)
Validity
Not Before: Sep 6 15:30:35 2007 GMT
Not After : Sep 5 15:30:35 2010 GMT
Subject:
countryName = TW
stateOrProvinceName = Taiwan
organizationName = ssorc
commonName = ssorc.idv.tw
emailAddress = cross@ssorc.idv.tw
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
A0:75:F0:23:0B:54:37:9E:AB:A0:DC:68:AD:B2:33:06:23:16:E9:27
X509v3 Authority Key Identifier:
keyid:A0:75:F0:23:0B:54:37:9E:AB:A0:DC:68:AD:B2:33:06:23:16:E9:27
Certificate is to be certified until Sep 5 15:30:35 2010 GMT (1095 days)
Write out database with 1 new entries
Data Base Updated

完成之後就會在 /etc/pki/ 下看到 CA 的目錄了

第二步驟:

#cd /etc/postfix
切換至 postfix 目錄底下

#mkdir certs
#cd certs

產生一個 CSR

#openssl genrsa -out itchy.key 1024
#openssl req -new -key itchy.key -out itchy.csr

再產生一個憑證

#openssl ca -out itchy.pem -infiles itchy.csr

第三步驟:

設定 main.cf

將以下的設定值貼在最尾端
要把原本預設的設定前面加 # 消掉喔

relayhost = [smtp.gmail.com]:587

#auth
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

#tls
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tks_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtp_tls_scert_verifydepth = 5
smtp_tls_key_file=/etc/postfix/certs/itchy.key
smtp_tls_cert_file=/etc/postfix/certs/itchy.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert =no
smtp_tls_enforce_peername = no

第四步驟:

#vi /etc/postfix/sasl_passwd

gmail-smtp.l.google.com user@gmail.com:password
smtp.gmail.com user@gmail.com:password

user:請輸入在 gmail 上的帳號
password:請輸入在 gmail 上的密碼

建立資料
postmap /etc/posfix/sasl_passwd

最後重新啟動 postfix

/etc/init.d/postfix restart

就成功摟

可以使用
#mail xxx@xxx.xxx

對方收到的信件就是會變成"@gmail.com"

PS:我目前只用過 gmail 的 SMTP
而 yahoo 付費信箱我沒使用過 所以不清楚
如果公司注重 "@xxx.xxx" 那就只能另尋他法摟