SERVER WITH EXIM
Before proceeding, some system parameters must be adjusted:
#> apt-get remove sendmail
#> echo "pruebas.mayaguaray.cenditel.gob.ve" > /etc/mailname
#> echo "172.22.9.49 pruebas.mayaguaray.cenditel.gob.ve" >> /etc/hosts
-
Install the following packages:
#> apt-get install exim4 exim4-config exim4-daemon-heavy dovecot-imapd dovecot-psql
-
Add the following Dovecot connection parameters to "/etc/exim4/conf.d/auth/30_exim4-config_examples":
#############################
## Dovecot authentication #####
#############################
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
-
Reconfigure exim4:
#> dpkg-reconfigure exim4-config
Configuration dialog boxes:
-
Configure an Internet site:
Internet site; mail is sent and received directly using SMTP
-
System mail name: pruebas.mayaguaray.cenditel.gob.ve
-
IP addresses to listen on for incoming SMTP connections:
172.22.9.49
-
Other destinations for which mail is accepted: pruebas.mayaguaray.cenditel.gob.ve;pruebas-mail.mayaguaray.cenditel.gob.ve;localhost
-
Domains to relay mail for: <blank>
-
Machines to relay mail for:
<blank> Note: 172.22.9.0/24 (allows only the machines on that network to send mail from any user to any destination, which prevents open relay)
-
Keep number of DNS queries minimal (dial-on-demand)? <No>
-
Delivery method for local mail: Maildir format in the home directory.
-
Split configuration into small files? <Yes>
-
Create the file 30_exim4-config_dovecot at "/etc/exim4/conf.d/transport/30_exim4-config_dovecot" with the following lines:
### transport/30_exim4-config_dovecot
#################################
dovecot_delivery:
driver = appendfile
maildir_format = true
directory = /var/spool/mail/$domain/$local_part
#directory = /var/vmail/%u
create_directory = true
directory_mode = 0770
mode_fail_narrower = false
message_prefix =
message_suffix =
delivery_date_add
envelope_to_add
return_path_add
user = mail
group = mail
mode = 0660
-
Exim connection to LDAP: create the file "/etc/exim4/conf.d/main/04_exim4-config_ldap" with the following lines:
# Configuration for LDAP email aliases
ldap_default_servers = correosur-ldap.cenditel.gob.ve
LDAPUSER = cn=admin,dc=correosur,dc=cenditel
LDAPPASS = 1234567890
LDAPSEARCHBASE = dc=correosur,dc=cenditel
-
Exim connection to LDAP: create the file "/etc/exim4/conf.d/router/450_exim4-config_ldap_aliases" with the following lines:
### router/450_exim4-config_ldap_aliases
### LDAP connection
ldap_aliases:
debug_print = "R: ldap_aliases LDAP lookup for $local_part@$domain"
driver = redirect
domains = +local_domains
condition = ${lookup ldap {user=LDAPUSER pass=LDAPPASS ldap:///LDAPSEARCHBASE?mail?sub?(otherMailbox=*${quote_ldap:$local_part@$domain}*)}}
data = ${lookup ldap {user=LDAPUSER pass=LDAPPASS ldap:///LDAPSEARCHBASE}}
#> exim4 -bt <email address or alias>
#> exim4 -bt admin
Result:
R: system_aliases for admin@pruebas.mayaguaray.cenditel.gob.ve
R: ldap_aliases LDAP lookup for admin@pruebas.mayaguaray.cenditel.gob.ve
R: userforward for admin@pruebas.mayaguaray.cenditel.gob.ve
R: procmail for admin@pruebas.mayaguaray.cenditel.gob.ve
R: maildrop for admin@pruebas.mayaguaray.cenditel.gob.ve
R: lowuid_aliases for admin@pruebas.mayaguaray.cenditel.gob.ve (UID 1007)
R: local_user for admin@pruebas.mayaguaray.cenditel.gob.ve
admin@pruebas.mayaguaray.cenditel.gob.ve
router = local_user, transport = maildir_home
-
Edit the file /etc/exim4/conf.d/main/02_exim4-config_options and add at the end of the file:
-
CHECK_RCPT_IP_DNSBLS = zen.spamhaus.org : bl.spamcop.net : cbl.abuseat.org : sbl-xbl.spamhaus.org : psbl.surriel.com : b.barracudacentral.org : dul.dnsbl.sorbs.net : spamsources.fabel.dk
-
Edit the file /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt and change:
warn
dnslists = CHECK_RCPT_IP_DNSBLS
add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
.endif
to:
drop
dnslists = CHECK_RCPT_IP_DNSBLS
add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
.endif
-
Authentication with TLS
- Edit /etc/exim4/conf.d/main/03_exim4-config_tlsoptions and add these lines at the beginning of the file:
MAIN_TLS_ENABLE = 1
tls_on_connect_ports = 465
-
Generate a security certificate, for example:
#> /usr/share/doc/exim4-base/examples/exim-gencert
Result:
Country Code (2 letters) [US]:VE
State or Province Name (full name) []:MERIDA
Locality Name (eg, city) []:MERIDA
Organization Name (eg, company; recommended) []:CENDITEL
Organizational Unit Name (eg, section) []:CENDITEL
Server name (eg. ssl.domain.tld; required!!!) []:pruebas-mail.mayaguaray.cenditel.gob.ve
Email Address []:lcolina@cenditel.gob.ve
[*] Done generating self signed certificates for exim!
Refer to the documentation and example configuration files
over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS
support in your mail transfer agent.
The files exim.crt and exim.key are saved in /etc/exim4. The certificate is valid for three years. To change the validity period, edit /usr/share/doc/exim4-base/examples/exim-gencert and modify the DAYS variable, for example DAYS=3652 (ten years), then generate the certificate again.
-
Update the Exim configuration and restart exim:
#> update-exim4.conf
#> systemctl restart exim4
-
Edit /etc/default/exim4 and modify:
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
#> telnet pruebas.mayaguaray.cenditel.gob.ve 25
Result:
Trying 172.22.9.49…
Connected to pruebas.mayaguaray.cenditel.gob.ve.
Escape character is ‘^]’.
220 cenditel09-0030.cenditel ESMTP Exim 4.84_2 Wed, 03 Aug 2016 12:15:45 -0400
EHLO pruebas.mayaguaray.cenditel.gob.ve
250-cenditel09-0030.cenditel Hello pruebas.mayaguaray.cenditel.gob.ve [172.22.9.49]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP
STARTTLS
220 TLS go ahead
#> swaks -a -ssl -p 25 -q AUTH -s pruebas.mayaguaray.cenditel.gob.ve -au admin1
Result:
=== Trying pruebas.mayaguaray.cenditel.gob.ve:25…
=== Connected to pruebas.mayaguaray.cenditel.gob.ve.
<- 220 cenditel09-0030.cenditel ESMTP Exim 4.84_2 Mon, 08 Aug 2016 12:37:18 -0400
-> EHLO cenditel09-0030.cenditel
<- 250-cenditel09-0030.cenditel Hello pruebas.mayaguaray.cenditel.gob.ve [172.22.9.49]
<- 250-SIZE 52428800
<- 250-8BITMIME
<- 250-PIPELINING
<- 250-AUTH LOGIN PLAIN
<- 250-STARTTLS
<- 250 HELP
-> AUTH LOGIN
<- 334 VXNlcm5hbWU6
-> YWRtaW4x
<- 334 UGFzc3dvcmQ6
-> YWRtaW4x
<- 235 Authentication succeeded
-> QUIT
<- 221 cenditel09-0030.cenditel closing connection
=== Connection closed with remote host.
-
TLS authentication test:
#> swaks -a -tls -q AUTH -s pruebas.mayaguaray.cenditel.gob.ve -au admin1
Result:
=== Trying pruebas.mayaguaray.cenditel.gob.ve:25...
=== Connected to pruebas.mayaguaray.cenditel.gob.ve.
<- 220 cenditel09-0030.cenditel ESMTP Exim 4.84_2 Wed, 03 Aug 2016 12:20:39 -0400
-> EHLO cenditel09-0030.cenditel
<- 250-cenditel09-0030.cenditel Hello pruebas.mayaguaray.cenditel.gob.ve [172.22.9.49]
<- 250-SIZE 52428800
<- 250-8BITMIME
<- 250-PIPELINING
<- 250-AUTH LOGIN PLAIN
<- 250-STARTTLS
<- 250 HELP
-> STARTTLS
<- 220 TLS go ahead
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/C=VE/ST=MERIDA/L=MERIDA/O=CENDITEL/OU=CENDITEL/CN=pruebas-mail.mayaguaray.cenditel.gob.ve/emailAddress=lcolina@cenditel.gob.ve"
~> EHLO cenditel09-0030.cenditel
<~ 250-cenditel09-0030.cenditel Hello pruebas.mayaguaray.cenditel.gob.ve [172.22.9.49]
<~ 250-SIZE 52428800
<~ 250-8BITMIME
<~ 250-PIPELINING
<~ 250-AUTH LOGIN PLAIN
<~ 250 HELP
~> AUTH LOGIN
<~ 334 VXNlcm5hbWU6
~> YWRtaW4x
<~ 334 UGFzc3dvcmQ6
~> YWRtaW4x
<~ 235 Authentication succeeded
~> QUIT
<~ 221 cenditel09-0030.cenditel closing connection
=== Connection closed with remote host.
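Both swaks sessions above show the server offering AUTH LOGIN PLAIN before STARTTLS, and the AUTH LOGIN answers are only base64. The following is an added example, not part of the original guide: it reads a swaks transcript and reports AUTH mechanisms offered on the unencrypted channel and any credentials sent there. The function names and the abridged sample transcripts are constructed for this illustration.

```python
import base64
import re

# Constructed samples: the two swaks sessions shown above, abridged.
PLAIN_SESSION = """\
<- 250-AUTH LOGIN PLAIN
<- 250-STARTTLS
<- 250 HELP
-> AUTH LOGIN
<- 334 VXNlcm5hbWU6
-> YWRtaW4x
<- 334 UGFzc3dvcmQ6
-> YWRtaW4x
<- 235 Authentication succeeded
"""
TLS_SESSION = """\
<- 250-AUTH LOGIN PLAIN
<- 250-STARTTLS
-> STARTTLS
<- 220 TLS go ahead
<~ 250-AUTH LOGIN PLAIN
~> AUTH LOGIN
<~ 334 VXNlcm5hbWU6
~> YWRtaW4x
<~ 334 UGFzc3dvcmQ6
~> YWRtaW4x
<~ 235 Authentication succeeded
"""
LINE = re.compile(r"^\s*(<-|->|<~|~>)\s+(.*)$")  # swaks markers; "~" means inside TLS

def b64text(token):
    """Decode one base64 token of an AUTH exchange ('' if it is not base64)."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:
        return ""

def audit_session(transcript):
    """Return AUTH mechanisms offered per channel and the decoded AUTH answers."""
    offered, answers, prompt = {"plain": [], "tls": []}, [], None
    for raw in transcript.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                                   # "=== ..." status lines
        arrow, text = m.groups()
        channel = "tls" if "~" in arrow else "plain"
        if arrow.startswith("<"):                      # server reply
            adv = re.match(r"250[- ]AUTH\s+(.+)", text)
            if adv:
                offered[channel] = adv.group(1).split()
            prompt = b64text(text[4:].strip()) if text.startswith("334") else None
        elif prompt is not None:                       # client answer to a 334
            answers.append((channel, prompt.rstrip(":"), b64text(text.strip())))
            prompt = None
    return offered, answers

def findings(transcript):
    """List what a reviewer would flag in one captured session."""
    offered, answers = audit_session(transcript)
    out = []
    if offered["plain"]:
        out.append("AUTH " + "/".join(offered["plain"]) + " advertised before STARTTLS")
    out += ["%s sent in cleartext: %s" % (p, v) for c, p, v in answers if c == "plain"]
    return out

if __name__ == "__main__":
    for name, session in (("plain", PLAIN_SESSION), ("tls", TLS_SESSION)):
        print(name, findings(session))
```

On the Exim side, setting server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} on the dovecot_login and dovecot_plain authenticators keeps AUTH out of the EHLO reply until TLS is active.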
#> openssl s_client -connect pruebas.mayaguaray.cenditel.gob.ve:25 -starttls smtp -verify 5 -CAfile /etc/exim4/exim.crt
Result:
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 13F9EF33D3F39DD72EF42A51DB3E6615722B4CB5F494B781189E1EFB1EECFCC8
Session-ID-ctx:
Master-Key: 88DF82AC74E852E8B84B4C17CE64A9BD8ACB6E39A52BA127126B0092C70F9FE3F7DEB1D9B876CDF96D50698ADFF04083
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1470240806
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 HELP
#> apt-get install spamassassin spamc dovecot-antispam dovecot-sieve
-
Edit /etc/default/spamassassin and set the ENABLED variable to:
ENABLED=0
-
Also set the CRON variable to:
CRON=1
-
Install the sa-exim package:
#> apt-get install sa-exim
-
Edit /etc/exim4/sa-exim.conf and comment out the line:
#SAEximRunCond: 0
-
Update the Exim configuration:
#> update-exim4.conf
-
Restart exim4:
#> systemctl restart exim4
-
Enable spamassassin
#> systemctl enable spamassassin.service
-
Start spamassassin
#> systemctl start spamassassin.service
-
If necessary, modify /etc/exim4/exim4.conf.template to:
# For spam scanning, there is a similar option that defines the interface to
# SpamAssassin. You do not need to set this if you are using the default, which
# is shown in this commented example. As for virus scanning, you must also
# modify the acl_check_data access control list to enable spam scanning.
# spamd_address = 127.0.0.1 783
-
Modify /etc/exim4/conf.d/acl/acl_check_data in the spam headers section:
### acl/40_exim4-config_check_data
#################################
# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message's headers or body, and in
# particular, this is where you can invoke external virus or spam scanners.
acl_check_data:
...
...
...
# See the exim docs and the exim wiki for more suitable examples.
#
# warn
# spam = Debian-exim:true
# add_header = X-Spam_score: $spam_score\n\
# X-Spam_score_int: $spam_score_int\n\
# X-Spam_bar: $spam_bar\n\
# X-Spam_report: $spam_report
# put headers in all messages (no matter if spam or not)
warn
  spam = nobody:true
  add_header = X-Spam-Score: $spam_score ($spam_bar)
  add_header = X-Spam-Report: $spam_report
# add second subject line with *SPAM* marker when message
# is over threshold
warn
  spam = nobody
  add_header = Subject: ***SPAM (score:$spam_score)*** $h_Subject:
deny
  message = This message scored $spam_score spam points.
  spam = nobody
  condition = ${if >{$spam_score_int}{76}{1}{0}}
-
Spam test:
#> telnet pruebas.mayaguaray.cenditel.gob.ve 25
Result:
Trying 172.22.9.49…
Connected to pruebas.mayaguaray.cenditel.gob.ve.
Escape character is ‘^]’.
220 cenditel09-0030.cenditel ESMTP Exim 4.84_2 Tue, 02 Aug 2016 12:24:25 -0400
ehlo pruebas.mayaguaray.cenditel.gob.ve
250-cenditel09-0030.cenditel Hello pruebas.mayaguaray.cenditel.gob.ve [172.22.9.49]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP
MAIL FROM: <admin1@pruebas.mayaguaray.cenditel.gob.ve>
250 OK
RCPT TO: <admin1@pruebas.mayaguaray.cenditel.gob.ve>
250 Accepted
DATA
354 Enter message, ending with “.” on a line by itself
Subject: test
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
.
550 This message scored 999.0 spam points.
Note: An error can occur with sa-update because of the domain name, which appeared in hexadecimal; correct it in /etc/resolv.conf and start the service. Likewise, sa-compile is not fully installed for lack of memory, so keep an eye on it in order to compile all of spamassassin.
-
Procmail and Dovecot configuration. Delivery is tried first and the default then serves as the fallback. After the spam check, deliver the mail, for example:
DELIVER="/usr/lib/dovecot/deliver -d $LOGNAME"
LOGFILE="/var/log/procmail.log"
DEFAULT="$HOME/Maildir/"
MAILDIR="$HOME/Maildir/"
# deliver spam to spam folder
:0 w
* ^X-Spam-Status: Yes
| $DELIVER -m $MAILDIR/.Spam
# deliver to INBOX and stop
:0 w
| $DELIVER
IMAP/POP3 SERVER
-
Install the following packages:
#> apt-get install dovecot-imapd dovecot-psql dovecot-ldap
-
Create a symbolic link
#> ln -s /etc/dovecot/dovecot-ldap.conf.ext dovecot-ldap-userdb.conf.ext
-
Add the following configuration to the file /etc/dovecot/dovecot-ldap.conf.ext for the connection to the LDAP service:
hosts = correosur-ldap.cenditel.gob.ve
dn = cn=admin,dc=correosur,dc=cenditel
dnpass = 1234567890
debug_level = -1
auth_bind = no
auth_bind_userdn = cn=%u,ou=usuarios,dc=correosur,dc=cenditel
ldap_version = 3
base = ou=usuarios,dc=correosur,dc=cenditel
user_attrs = uid=uid,gidNumber=uid
user_filter = (uid=%u)
pass_attrs = uid=%u,userPassword=password
pass_filter = (uid=%u)
default_pass_scheme = SSHA
-
Change the following line in /etc/dovecot/dovecot-dict-auth.conf.ext
default_pass_scheme = SSHA
-
Modify the file /etc/dovecot/10-mail.conf:
mail_location = maildir:/home/%u/Maildir
-
Modify the file /etc/dovecot/10-master.conf:
service auth {
# auth_socket_path points to this userdb socket by default. It’s typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
# full permissions to this socket are able to get a list of all usernames and
# get the results of everyone’s userdb lookups.
#
# The default 0666 mode allows anyone to connect to the socket, but the
# userdb lookups will succeed only if the userdb returns an “uid” field that
# matches the caller process’s UID. Also if caller’s uid or gid matches the
# socket’s uid or gid the lookup succeeds. Anything else causes a failure.
#
# To give the caller full permissions to lookup all users, set the mode to
# something else than 0666 and Dovecot lets the kernel enforce the
# permissions (e.g. 0777 allows everyone full permissions).
unix_listener auth-userdb {
#mode = 0666
#user =
#group =
}
# THIS WAS ADDED
################
# used by exim #
################
unix_listener auth-client {
mode = 0660
user = Debian-exim
}
}
-
Modify the file /etc/dovecot/auth-ldap.conf.ext:
passdb {
driver = ldap
# Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
args = /etc/dovecot/dovecot-ldap.conf.ext
}
# “prefetch” user database means that the passdb already provided the
# needed information and there’s no need to do a separate userdb lookup.
# <doc/wiki/UserDatabase.Prefetch.txt>
#userdb {
# driver = prefetch
#}
userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
# Default fields can be used to specify defaults that LDAP may override
# default_fields = home=/home/virtual/%u
#default_fields = home=/var/vmail/%u uid=vmail gid=vmail
}
# If you don’t have any user-specific settings, you can avoid the userdb LDAP
# lookup by using userdb static instead of userdb ldap, for example:
# <doc/wiki/UserDatabase.Static.txt>
#userdb {
#driver = static
#args = uid=vmail gid=vmail home=/var/vmail/%u
#}
-
In the file /etc/dovecot/10-auth.conf, enable and disable the following parameters:
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you’re connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
# See also ssl=required setting.
disable_plaintext_auth = yes
.
.
.
!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
Note: If #!include auth-passwdfile.conf.ext is not disabled, a file named /etc/dovecot/users must be created with the user data:
eparedes:{PLAIN}password:1001:8::/home/eparedes::userdb_mail=maildir:~/Maildir:allow_nets=192.168.0.0/24
-
Enabling SSL/TLS support in Dovecot
-
Convert the certificates that were created for Exim4 to .pem format:
-
#> cat exim.key exim.crt > dovecot.pem
or
#> cat exim.key > dovecot.pem
#> mkdir /etc/dovecot/certs/
#> cp dovecot.pem /etc/dovecot/certs/
#> openssl x509 -in exim.crt -out localhost.pem
#> cp dovecot.pem /etc/dovecot/private/
-
Edit the file /etc/dovecot/conf.d/10-ssl.conf:
#> vim /etc/dovecot/conf.d/10-ssl.conf
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = yes
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert = </etc/dovecot/certs/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
-
Restart the dovecot service:
#> systemctl restart dovecot
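The steps above copy dovecot.pem, which contains exim.key, into both /etc/dovecot/certs/ and /etc/dovecot/private/, while the 10-ssl.conf comment asks for the key file to stay unreadable by anyone but root. The following is an added example, not part of the original guide: it reads the ssl_cert and ssl_key paths from a 10-ssl.conf body and flags key material that sits in the certificate file or carries group/other permission bits. The helper names, the placeholder PEM blocks and the 0644 mode assumed for files created under the default root umask are assumptions.

```python
import os
import re
import stat
import tempfile

# The ssl_cert / ssl_key lines from the page's 10-ssl.conf.
SSL_CONF = """\
ssl = yes
ssl_cert = </etc/dovecot/certs/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
"""
# Constructed placeholder PEM blocks (labels only, no real key material).
KEY = "-----BEGIN PRIVATE KEY-----\nplaceholder\n-----END PRIVATE KEY-----\n"
CERT = "-----BEGIN CERTIFICATE-----\nplaceholder\n-----END CERTIFICATE-----\n"


def pem_labels(path):
    """Return the PEM block labels found in a file, in order."""
    with open(path, errors="replace") as fh:
        return re.findall(r"-----BEGIN ([A-Z0-9 ]+)-----", fh.read())


def audit_ssl_conf(conf_text, root="/"):
    """Check the files named by ssl_cert and ssl_key for exposed key material."""
    findings = []
    pairs = re.findall(r"^\s*(ssl_cert|ssl_key)\s*=\s*<(\S+)", conf_text, re.M)
    for setting, path in pairs:
        real = os.path.join(root, path.lstrip("/"))
        mode = stat.S_IMODE(os.stat(real).st_mode)
        has_key = any(l.endswith("PRIVATE KEY") for l in pem_labels(real))
        if setting == "ssl_cert" and has_key:
            findings.append(path + ": private key inside the certificate file")
        if setting == "ssl_key" and not has_key:
            findings.append(path + ": no private key found")
        if has_key and mode & 0o077:
            findings.append("%s: key readable beyond owner (mode %04o)" % (path, mode))
    return findings


def build_tree(root, cert_file, key_file, key_mode):
    """Create certs/ and private/ under root with the given file contents."""
    for sub, body, mode in (("certs", cert_file, 0o644), ("private", key_file, key_mode)):
        os.makedirs(os.path.join(root, "etc/dovecot", sub))
        target = os.path.join(root, "etc/dovecot", sub, "dovecot.pem")
        with open(target, "w") as fh:
            fh.write(body)
        os.chmod(target, mode)


def demo():
    """Audit the page's layout (bundle copied twice) and a split layout."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        build_tree(a, KEY + CERT, KEY + CERT, 0o644)   # cat exim.key exim.crt; cp; cp
        build_tree(b, CERT, KEY, 0o600)                # certificate and key kept apart
        return audit_ssl_conf(SSL_CONF, a), audit_ssl_conf(SSL_CONF, b)


if __name__ == "__main__":
    as_on_page, split = demo()
    print("\n".join(as_on_page) or "ok")
    print("\n".join(split) or "ok")
```

On a live host, pass the contents of /etc/dovecot/conf.d/10-ssl.conf to audit_ssl_conf() with the default root.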
-
Connection tests:
#> openssl s_client -connect 127.0.0.1:993
Result:
CONNECTED(00000003)
depth=0 C = VE, ST = MERIDA, L = MERIDA, O = CENDITEL, OU = CENDITEL, CN = pruebas-mail.mayaguaray.cenditel.gob.ve, emailAddress = lcolina@cenditel.gob.ve
verify error:num=18:self signed certificate
verify return:1
depth=0 C = VE, ST = MERIDA, L = MERIDA, O = CENDITEL, OU = CENDITEL, CN = pruebas-mail.mayaguaray.cenditel.gob.ve, emailAddress = lcolina@cenditel.gob.ve
verify return:1
—
Certificate chain
0 s:/C=VE/ST=MERIDA/L=MERIDA/O=CENDITEL/OU=CENDITEL/CN=pruebas-mail.mayaguaray.cenditel.gob.ve/emailAddress=lcolina@cenditel.gob.ve
i:/C=VE/ST=MERIDA/L=MERIDA/O=CENDITEL/OU=CENDITEL/CN=pruebas-mail.mayaguaray.cenditel.gob.ve/emailAddress=lcolina@cenditel.gob.ve
—
Server certificate
subject=/C=VE/ST=MERIDA/L=MERIDA/O=CENDITEL/OU=CENDITEL/CN=pruebas-mail.mayaguaray.cenditel.gob.ve/emailAddress=lcolina@cenditel.gob.ve
issuer=/C=VE/ST=MERIDA/L=MERIDA/O=CENDITEL/OU=CENDITEL/CN=pruebas-mail.mayaguaray.cenditel.gob.ve/emailAddress=lcolina@cenditel.gob.ve
—
No client certificate CA names sent
—
SSL handshake has read 1683 bytes and written 447 bytes
—
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 8B429608BB34F82DB07FD2F212F19B2E49D0A33301F70DCE7DB1D8F74699667B
Session-ID-ctx:
Master-Key: AF9E5F373158F07E8808F60249B49C3B4E8F147ADF7850621DB08180179CB10F1B15BA04A17448D105940EE93E0D6311
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1471446585
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
—
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=LOGIN AUTH=PLAIN] Dovecot ready.
#> openssl s_client -crlf -connect 127.0.0.1:143 -starttls imap
Result:
CONNECTED(00000003)
depth=0 C = VE, ST = MERIDA, L = MERIDA, O = CENDITEL, OU = CENDITEL, CN = pruebas-mail.mayaguaray.cenditel.gob.ve, emailAddress = lcolina@cenditel.gob.ve
verify error:num=18:self signed certificate
verify return:1
depth=0 C = VE, ST = MERIDA, L = MERIDA, O = CENDITEL, OU = CENDITEL, CN = pruebas-mail.mayaguaray.cenditel.gob.ve, emailAddress = lcolina@cenditel.gob.ve
verify return:1
—
Certificate chain
0 s:/C=VE/ST=MERIDA/L=MERIDA/O=CENDITEL/OU=CENDITEL/CN=pruebas-mail.mayaguaray.cenditel.gob.ve/emailAddress=lcolina@cenditel.gob.ve
i:/C=VE/ST=MERIDA/L=MERIDA/O=CENDITEL/OU=CENDITEL/CN=pruebas-mail.mayaguaray.cenditel.gob.ve/emailAddress=lcolina@cenditel.gob.ve
—
Server certificate
subject=/C=VE/ST=MERIDA/L=MERIDA/O=CENDITEL/OU=CENDITEL/CN=pruebas-mail.mayaguaray.cenditel.gob.ve/emailAddress=lcolina@cenditel.gob.ve
issuer=/C=VE/ST=MERIDA/L=MERIDA/O=CENDITEL/OU=CENDITEL/CN=pruebas-mail.mayaguaray.cenditel.gob.ve/emailAddress=lcolina@cenditel.gob.ve
—
No client certificate CA names sent
—
SSL handshake has read 2014 bytes and written 473 bytes
—
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: EC371C8536CDF78A39CB3826F4AC40F78CB285B9E26A4802C3DD99D4A01E1EDC
Session-ID-ctx:
Master-Key: A8D93F559DD5302F7E00A44BBDCCE2B409E1B9754D60F6F15F05C929543B0771BFFD04A8CE52F013B8972E0E6674774D
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1471447063
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
—
. OK Pre-login capabilities listed, post-login capabilities have more.