# 自建 SMTP Server on sles15-sp5
* 產生 SMTP Server 憑證檔
```
# Generate a Certificate Authority Certificate
## Generate a CA certificate private key.
# NOTE(review): ca.key is written without a passphrase. Anyone who can read it
# can issue certificates that clients trusting ca.crt will accept, so restrict
# access to it (e.g. chmod 600 ca.key) and avoid leaving it on the mail server.
$ openssl genrsa -out ca.key 4096
## Generate the CA certificate.
# -x509 emits a self-signed certificate instead of a CSR; -days 3650 makes it
# valid for roughly ten years.
# NOTE(review): this subject is identical to the server CSR subject below, so
# the server certificate's issuer name equals its own subject name. Some
# verifiers may then treat it as self-signed; consider a distinct CN for the CA.
$ openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=TW/ST=Taiwan/L=Taipei/O=example/OU=lab/CN=smtp.cooloo9871.com" \
-key ca.key \
-out ca.crt
# Generate a Server Certificate
## Generate a private key.
# NOTE(review): server.key is also unencrypted (Postfix needs a key without a
# passphrase), so file permissions are its only protection, e.g. chmod 600 server.key.
$ openssl genrsa -out server.key 4096
## Generate a certificate signing request (CSR).
$ openssl req -sha512 -new \
-subj "/C=TW/ST=Taiwan/L=Taipei/O=example/OU=lab/CN=smtp.cooloo9871.com" \
-key server.key \
-out server.csr
## Generate an x509 v3 extension file.
# basicConstraints=CA:FALSE marks the result as a leaf certificate and
# extendedKeyUsage=serverAuth limits it to TLS server use.
# subjectAltName lists the DNS names a client may connect with; there is no IP
# entry, so a client connecting by IP address cannot match the certificate.
$ cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=smtp.cooloo9871.com
DNS.2=cooloo9871.com
DNS.3=smtp
EOF
## Use the v3.ext file to generate a certificate for the SMTP server host.
# Signs server.csr with the CA key; -CAcreateserial creates the CA serial-number
# file if it does not exist yet. The certificate is valid for about ten years
# and this page sets up no revocation mechanism.
$ openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in server.csr \
-out server.crt
# The chain can be checked before use, e.g.: openssl verify -CAfile ca.crt server.crt
# The directory printed below is the one main.cf later points at for the
# certificate and key.
$ pwd
/home/rancher/SelfSigned-RootCA
```
## 安裝與設定 SMTP Server
* Install Postfix.
```
# -n (--non-interactive): zypper does not prompt and uses its default answers.
$ sudo zypper -n install postfix
```
* Rename the sysconfig file `/etc/sysconfig/postfix` to disable it.
```
# The original file is kept as postfix.org, so the change can be reverted.
$ sudo mv /etc/sysconfig/postfix /etc/sysconfig/postfix.org
```
```
$ sudo nano -l /etc/postfix/main.cf
# The "line N" notes below refer to line numbers in the main.cf opened above
# (nano -l displays line numbers).
# line 114: uncomment and specify domain name
mydomain = lab.com
# line 130: uncomment
myorigin = $mydomain
# line 294: uncomment and specify local network
# NOTE(review): combined with permit_mynetworks below, every host in this range
# may relay mail without authenticating; keep the range as narrow as possible.
mynetworks = 192.168.11.0/24
# line 451: uncomment to deliver mail to Maildir/ in each user's home directory
home_mailbox = Maildir/
# line 714: change
# Listen on all network interfaces, not only on loopback.
inet_interfaces = all
# line 719: add
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# line 720: specify hostname
# NOTE(review): the certificate created earlier on this page names
# smtp.cooloo9871.com, cooloo9871.com and smtp, not lab.com. Clients that verify
# the server name must connect using a name that is in the certificate.
myhostname = lab.com
# line 735
# limit the message size if needed (the example below is a 10 MB limit)
message_size_limit = 10485760
# line 747: change
# Evaluated left to right: clients in mynetworks are accepted, then mail for
# destinations this server is responsible for, then SASL-authenticated clients;
# the final "reject" refuses everything else, so the server is not an open relay.
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject
# Configure SSL/TLS to encrypt connections
# line 782: change
# NOTE(review): smtpd_use_tls is the legacy switch for opportunistic STARTTLS;
# newer Postfix documentation prefers smtpd_tls_security_level = may.
# TODO confirm against the installed Postfix version.
smtpd_use_tls = yes
# line 788: specify certificates
# NOTE(review): the private key sits in a user's home directory; make sure only
# root can read it (e.g. chmod 600), or move it to a root-owned location.
smtpd_tls_cert_file = /home/rancher/SelfSigned-RootCA/server.crt
smtpd_tls_key_file = /home/rancher/SelfSigned-RootCA/server.key
# line 793: add
# NOTE(review): only SSLv2 and SSLv3 are excluded, so as far as these settings go
# TLSv1 and TLSv1.1 remain allowed; consider adding !TLSv1, !TLSv1.1.
# The *_mandatory_protocols parameters apply where TLS is mandatory (security
# level "encrypt" or stronger); opportunistic TLS is governed by
# smtpd_tls_protocols / smtp_tls_protocols, which this page does not set.
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Server-side TLS session cache; it relies on the tlsmgr service being enabled in master.cf.
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
```
```
$ sudo nano -l /etc/postfix/master.cf
### line: 24 uncomment
submission inet n - n - - smtpd
### line: 25,26,28 uncomment
# The service line is presumably repeated here only for context; master.cf
# should contain the submission entry once.
# NOTE(review): in master.cf the "-o" lines continue the service entry and must
# begin with whitespace; the indentation appears to have been lost in this listing.
# smtpd_tls_security_level=encrypt makes this service require STARTTLS.
# NOTE(review): smtpd_sasl_auth_enable=yes turns on SASL here, but no SASL backend
# settings (smtpd_sasl_type / smtpd_sasl_path) appear on this page, so authentication
# depends on the distribution defaults - verify that it actually works.
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
# -o content_filter=smtp:[127.0.0.1]:10024
-o smtpd_sasl_auth_enable=yes
### line: 43-45 uncomment
# Implicit-TLS service: smtpd_tls_wrappermode=yes starts TLS immediately on
# connect instead of waiting for STARTTLS.
# NOTE(review): smtpd_sasl_auth_enable is not set for this service in this listing;
# unless it is enabled elsewhere, clients cannot authenticate here and relay
# access rests on mynetworks - confirm this is intended.
submissions inet n - n - - smtpd
-o syslog_name=postfix/submissions
-o smtpd_tls_wrappermode=yes
### line: 64 uncomment
tlsmgr unix - - n 1000? 1 tlsmgr
```
## 啟動 SMTP Server
```
# The configuration can be checked beforehand with: sudo postfix check
# --now starts the service immediately in addition to enabling it at boot.
$ sudo systemctl enable --now postfix
```
## 測試
```
# Send a test mail locally
$ echo "Test1 Postfix Gmail https://example.com" | mail -s "Postfix Gmail" "<your email address>"
# Send a test mail from another machine
# NOTE(review): smtp=192.168.11.90 with no further options presumably uses plain
# SMTP without TLS or authentication, so this exercises relaying from mynetworks
# rather than the TLS setup. The TLS side can be checked separately, e.g.:
#   openssl s_client -starttls smtp -connect 192.168.11.90:587 -CAfile ca.crt
$ echo "Test2 Postfix Gmail https://example.com" | mail -S smtp=192.168.11.90 -s "Postfix Gmail" "<your email address>"
```
## 參考
https://hackmd.io/@QI-AN/rJgIEoCJ0a