stunnel can be used to provide an SSL-secured connection for an SMTP mail server that does not itself speak SSL. Assuming the SMTP server accepts TCP connections on port 25, configure stunnel with 465 as the SSL port and 25 as the non-SSL port.
In other words, Stunnel is what is used in order to use SMTPS.


https://docs.linuxconsulting.mn.it/notes/postfix-stunnel-smtps

/etc/init.d/stunnel

#!/bin/bash
#
# Init Script to run stunnel in daemon mode at boot time.
#
# Author: Riccardo Riva - RPM S.r.l.
# Revision 1.0  -  2010 November, 11
#
# Revision 1.1 - 2015 September, 21
#
# Changed definition of SEXE variable to find automatically the path of stunnel
#

#====================================================================
# Run level information:
#
# chkconfig: 2345 99 99
# description: Secure Tunnel
# processname: stunnel
#
# Run "/sbin/chkconfig --add stunnel" to add the Run levels.
# This will setup the symlinks and set the process to run at boot.
#====================================================================

#====================================================================
# Paths and variables and system checks.

# Source function library (provides success, failure, killproc and status).
. /etc/rc.d/init.d/functions

# Check that networking is up. The spaces around "=" matter: without them
# the test is malformed and the script exits before doing anything.
#
[ "${NETWORKING}" = "yes" ] || exit 0

# Path to the executable.
#
SEXE=$(command -v stunnel)
if [ -z "$SEXE" ]
then
        echo "stunnel executable not found in PATH!"
        exit 1
fi

# Path to the configuration file.
#
CONF=/etc/stunnel/stunnel.conf

# Check the configuration file exists.
#
if [ ! -f "$CONF" ]
then
        echo "The configuration file cannot be found!"
        exit 1
fi

# Path to the lock file.
#
LOCK_FILE=/var/lock/subsys/stunnel

#====================================================================

# Run controls:

prog=$"stunnel"

RETVAL=0

# Start stunnel as daemon.
# Returns (rather than exits) when already running, so that "restart"
# and "condrestart" keep working.
#
start() {
        if [ -f "$LOCK_FILE" ]
        then
                echo "stunnel is already running!"
                return 0
        fi
        echo -n $"Starting $prog: "
        "$SEXE" "$CONF"
        RETVAL=$?
        if [ $RETVAL -eq 0 ]
        then
                success
                touch "$LOCK_FILE"
        else
                failure
        fi
        echo
        return $RETVAL
}

# Stop stunnel.
# The lock file is removed only when killproc actually succeeded.
#
stop() {
        if [ ! -f "$LOCK_FILE" ]
        then
                echo "stunnel is not running!"
                return 0
        fi
        echo -n $"Shutting down $prog: "
        killproc stunnel
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f "$LOCK_FILE"
        return $RETVAL
}

# See how we were called.
case "$1" in
        start)
                start
                ;;
        stop)
                stop
                ;;
        restart)
                stop
                start
                ;;
        condrestart)
                if [ -f "$LOCK_FILE" ]
                then
                        stop
                        start
                        RETVAL=$?
                fi
                ;;
        status)
                status stunnel
                RETVAL=$?
                ;;
        *)
                echo $"Usage: $0 {start|stop|restart|condrestart|status}"
                RETVAL=1
                ;;
esac

exit $RETVAL

/etc/stunnel/stunnel.conf

output=/var/log/stunnel

[smtp-tls-wrapper]
accept=127.0.0.1:11125
client=yes
sslVersion=TLSv1.2
connect=gw.test.com:465
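The service section above runs stunnel in client mode but sets no certificate verification, so stunnel completes the handshake with whatever certificate gw.test.com (or anything answering in its place) presents; the wrapper then only protects against passive reading of the relay credentials and mail. The shell script below is an added example, not part of the original post or of the stunnel project: it writes the post's section beside a hardened one that adds verifyChain, a CA bundle and checkHost (the CA bundle path /etc/pki/tls/certs/ca-bundle.crt is an assumption), and lints any stunnel.conf for client sections that lack those settings. On stunnel releases older than verifyChain, verify = 2 together with CAfile is the equivalent, and the lint accepts that form too.

```shell
#!/bin/sh
# Added example (not from the original post): lint stunnel client-mode
# service sections for server certificate verification. With client=yes and
# no verifyChain/verify, no CAfile/CApath and no checkHost, stunnel accepts
# any certificate the remote side presents.

WORK=$(mktemp -d)

# The post's configuration, reproduced here as constructed sample input.
cat > "$WORK/weak.conf" <<'EOF'
output=/var/log/stunnel

[smtp-tls-wrapper]
accept=127.0.0.1:11125
client=yes
sslVersion=TLSv1.2
connect=gw.test.com:465
EOF

# Hardened variant: verify the chain against a CA bundle and check that the
# certificate is for the host we meant to reach. The CAfile path is assumed.
cat > "$WORK/hardened.conf" <<'EOF'
output=/var/log/stunnel

[smtp-tls-wrapper]
accept=127.0.0.1:11125
client=yes
sslVersion=TLSv1.2
connect=gw.test.com:465
verifyChain=yes
CAfile=/etc/pki/tls/certs/ca-bundle.crt
checkHost=gw.test.com
EOF

# lint_stunnel_conf FILE
# Prints one line per client=yes section that lacks chain verification,
# a CAfile/CApath, or checkHost. Returns 1 if any such section exists.
lint_stunnel_conf() {
    awk '
        BEGIN { bad = 0 }
        function report() {
            if (sec != "" && client == "yes") {
                msg = ""
                if (verify != 1) msg = msg " verifyChain=yes"
                if (ca != 1)     msg = msg " CAfile/CApath"
                if (host != 1)   msg = msg " checkHost"
                if (msg != "") { print "[" sec "] missing:" msg; bad = 1 }
            }
        }
        # A [section] header closes the previous section and opens a new one.
        /^[ \t]*\[.*\][ \t]*$/ {
            report()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
            client = ""; verify = 0; ca = 0; host = 0
            next
        }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*$/    { next }
        {
            n = index($0, "="); if (n == 0) next
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/[ \t]/, "", key)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "client")                      client = val
            if (key == "verifyChain" && val == "yes") verify = 1
            if (key == "verifyPeer"  && val == "yes") verify = 1
            if (key == "verify"      && val + 0 >= 2) verify = 1
            if (key == "CAfile" || key == "CApath")   ca = 1
            if (key == "checkHost")                   host = 1
        }
        END { report(); exit bad }
    ' "$1"
}

# Demo run: the post's section is reported, the hardened one is silent.
lint_stunnel_conf "$WORK/weak.conf" || echo "weak.conf needs hardening"
lint_stunnel_conf "$WORK/hardened.conf" && echo "hardened.conf verifies the server"
```

Run lint_stunnel_conf /etc/stunnel/stunnel.conf after editing; a non-zero exit with the listed keys is the cue to add them before restarting the service.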

/etc/postfix/virtual

Add at the very bottom:

root  ldap@test.co.kr

/etc/postfix/main.cf

Near the top:
mydomain = test.co.kr

smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

/etc/postfix/sasl_passwd

[gw.test.com]:11125 'mail_sender':'Wjdqh02)@'

After the configuration above, additionally set it up so that it is encrypted into sasl_passwd.db.
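Postfix looks up smtp_sasl_password_maps using the relayhost value as the key, so the left-hand side of the sasl_passwd entry has to be the relayhost string character for character, and for mail to go through the tunnel relayhost has to point at stunnel's accept address rather than at gw.test.com directly (an entry keyed [gw.test.com]:11125 only reaches the tunnel if gw.test.com resolves to 127.0.0.1 on this host). The post does not show relayhost; the shell script below is an added example, not the post's own configuration, and it assumes relayhost = [127.0.0.1]:11125 and a placeholder credential. It builds the map with postmap where Postfix is installed, restricts both files to root, and checks that the map key and the file mode are right. postmap produces a hashed lookup table, not an encrypted file, which is why the 0600 mode on sasl_passwd and sasl_passwd.db matters.

```shell
#!/bin/sh
# Added example (not from the original post): build the Postfix SASL password
# map and check that it is consistent with relayhost and the stunnel listener.
# Assumptions: relayhost = [127.0.0.1]:11125 (stunnel's accept address) and a
# constructed placeholder credential. Files are written to a temp directory.

WORK=$(mktemp -d)
MAIN_CF="$WORK/main.cf"
SASL_PASSWD="$WORK/sasl_passwd"

# Constructed main.cf fragment: the post's settings plus the assumed relayhost.
cat > "$MAIN_CF" <<'EOF'
mydomain = test.co.kr
relayhost = [127.0.0.1]:11125
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
EOF

# Constructed sasl_passwd: key must equal relayhost exactly.
cat > "$SASL_PASSWD" <<'EOF'
[127.0.0.1]:11125 mail_sender:REPLACE_WITH_REAL_PASSWORD
EOF

# postfix_param FILE NAME: print the value of a main.cf parameter.
postfix_param() {
    awk -v k="$2" '
        index($0, "=") {
            n = index($0, "=")
            key = substr($0, 1, n - 1); gsub(/[ \t]/, "", key)
            if (key == k) {
                val = substr($0, n + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
                print val; exit
            }
        }' "$1"
}

# check_sasl_map MAIN_CF SASL_PASSWD
# Verifies that relayhost is set, that sasl_passwd has an entry whose key is
# exactly relayhost, and that the file is readable by its owner only (it
# holds a plaintext credential). Returns 1 on the first problem found.
check_sasl_map() {
    relay=$(postfix_param "$1" relayhost)
    [ -n "$relay" ] || { echo "relayhost is not set"; return 1; }
    if ! awk -v r="$relay" 'BEGIN { found = 0 } $1 == r { found = 1 } END { exit !found }' "$2"
    then
        echo "no sasl_passwd entry keyed \"$relay\" (Postfix will not authenticate)"
        return 1
    fi
    perms=$(stat -c %a "$2" 2>/dev/null || stat -f %Lp "$2")
    case "$perms" in
        600|400) ;;
        *) echo "$2 is mode $perms; it should be 0600"; return 1 ;;
    esac
    return 0
}

# Restrict the source file, then compile the lookup table. postmap writes
# sasl_passwd.db next to the source file; it needs the same mode.
chmod 600 "$SASL_PASSWD"
if command -v postmap >/dev/null 2>&1
then
    postmap "hash:$SASL_PASSWD" && chmod 600 "$SASL_PASSWD.db"
fi

check_sasl_map "$MAIN_CF" "$SASL_PASSWD" && echo "sasl map is consistent with relayhost"
```

On the real host the same two functions can be pointed at /etc/postfix/main.cf and /etc/postfix/sasl_passwd; after any change to sasl_passwd, rerun postmap, since Postfix reads only the .db file.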

Additional links on SASL encryption:

https://www.spinics.net/lists/cyrus-sasl/msg02896.html

https://blog.sys4.de/cyrus-sasl-ldapdb-man-page-en.html
