Estou tentando configurar o Sendmail com SSL do LetsEncrypt. No começo, eu não era capaz de enviar um email do meu servidor para, por exemplo. gmail.com, por causa do problema de segurança, eu acho.
Gerei um certificado com LestEncrypt e coloquei o código abaixo em /etc/mail/sendmail.mc
:
(...)
dnl#
define(`confCACERT_PATH',`/etc/letsencrypt/live/mydomain.com')dnl
define(`confCACERT',`/etc/letsencrypt/live/mydomain.com/chain.pem')dnl
define(`confSERVER_CERT',`/etc/letsencrypt/live/mydomain.com/cert.pem')dnl
define(`confSERVER_KEY',`/etc/letsencrypt/live/mydomain.com/privkey.pem')dnl
dnl#
define(`confLOG_LEVEL', `14')dnl
No entanto, ainda não funciona. É isso que recebo nos logs:
Jan 24 04:03:50 vps636848 sm-mta[11490]: error: safesasl(/etc/sasl2/Sendmail.conf) failed: No such file or directory
Jan 24 04:03:50 vps636848 sm-mta[11490]: error: safesasl(/etc/sasl/Sendmail.conf) failed: No such file or directory
Jan 24 04:03:50 vps636848 sm-mta[11490]: error: safesasl(/usr/lib/x86_64-linux-gnu/sasl2/Sendmail.conf) failed: No such file or directory
Jan 24 04:03:50 vps636848 sm-mta[11490]: error: safesasl(/usr/lib/sasl2/Sendmail.conf) failed: No such file or directory
Jan 24 04:03:50 vps636848 sm-mta[11492]: starting daemon (8.15.2): SMTP+queueing@00:10:00
Jan 24 04:03:50 vps636848 sm-mta[11492]: STARTTLS: CRLFile missing
Jan 24 04:03:50 vps636848 sm-mta[11492]: STARTTLS=server, Diffie-Hellman init, key=2048 bit (I)
Jan 24 04:03:50 vps636848 sm-mta[11492]: STARTTLS=server, init=1
Jan 24 04:03:50 vps636848 sm-mta[11492]: started as: /usr/sbin/sendmail-mta -Am -L sm-mta -bd -q10m
Jan 24 04:04:01 vps636848 sendmail[11505]: x0O33wpa011505: from=kuba, size=5, class=0, nrcpts=1, msgid=<[email protected]>, relay=kuba@localhost
Jan 24 04:04:01 vps636848 sm-mta[11506]: NOQUEUE: connect from localhost [127.0.0.1]
Jan 24 04:04:01 vps636848 sm-mta[11506]: AUTH: available mech=DIGEST-MD5 CRAM-MD5 NTLM PLAIN LOGIN ANONYMOUS, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
Jan 24 04:04:01 vps636848 sm-mta[11506]: x0O341lV011506: Milter: no active filter
Jan 24 04:04:01 vps636848 sendmail[11505]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Jan 24 04:04:01 vps636848 sm-mta[11506]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1.2, verify=NO, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Jan 24 04:04:01 vps636848 sm-mta[11506]: STARTTLS=server, cert-subject=, cert-issuer=, verifymsg=ok
Jan 24 04:04:01 vps636848 sm-mta[11506]: AUTH: available mech=DIGEST-MD5 CRAM-MD5 NTLM PLAIN LOGIN ANONYMOUS, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
Jan 24 04:04:01 vps636848 sm-mta[11506]: poststats: /var/lib/sendmail/sendmail.st: No such file or directory
Jan 24 04:04:01 vps636848 sm-mta[11506]: ruleset=trust_auth, [email protected], relay=localhost [127.0.0.1], reject=550 5.7.1 <[email protected]>... not authenticated
Jan 24 04:04:01 vps636848 sm-mta[11506]: x0O341lW011506: from=<[email protected]>, size=271, class=0, nrcpts=1, msgid=<[email protected]>, proto=ESMTPS, daemon=MTA-v4, relay=localhost [127.0.0.1]
Jan 24 04:04:01 vps636848 sm-mta[11506]: poststats: /var/lib/sendmail/sendmail.st: No such file or directory
Jan 24 04:04:01 vps636848 sendmail[11505]: x0O33wpa011505: [email protected], ctladdr=kuba (1001/1001), delay=00:00:03, xdelay=00:00:00, mailer=relay, pri=30005, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (x0O341lW011506 Message accepted for delivery)
Jan 24 04:04:01 vps636848 sm-mta[11508]: x0O341lW011506: makeconnection (gmail-smtp-in.l.google.com. [IPv6:2a00:1450:400c:c04:0:0:0:1b]) failed: Network is unreachable
Jan 24 04:04:01 vps636848 sm-mta[11506]: poststats: /var/lib/sendmail/sendmail.st: No such file or directory
Jan 24 04:04:01 vps636848 sm-mta[11508]: x0O341lW011506: SMTP outgoing connect on mydomain.com
Jan 24 04:04:01 vps636848 sm-mta[11508]: STARTTLS: ClientCertFile missing
Jan 24 04:04:01 vps636848 sm-mta[11508]: STARTTLS: ClientKeyFile missing
Jan 24 04:04:01 vps636848 sm-mta[11508]: STARTTLS: CRLFile missing
Jan 24 04:04:01 vps636848 sm-mta[11508]: STARTTLS=client, init=1
Jan 24 04:04:01 vps636848 sm-mta[11508]: STARTTLS=client, start=ok
Jan 24 04:04:01 vps636848 sm-mta[11508]: STARTTLS: TLS cert verify: depth=1 /C=US/O=Google Trust Services/CN=Google Internet Authority G3, state=0, reason=unable to get local issuer certificate
Jan 24 04:04:01 vps636848 sm-mta[11508]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Jan 24 04:04:01 vps636848 sm-mta[11508]: STARTTLS=client, cert-subject=/C=US/ST=California/L=Mountain+20View/O=Google+20LLC/CN=mx.google.com, cert-issuer=/C=US/O=Google+20Trust+20Services/CN=Google+20Internet+20Authority+20G3, verifymsg=unable to get local issuer certificate
Jan 24 04:04:01 vps636848 sm-mta[11508]: x0O341lW011506: to=<[email protected]>, ctladdr=<[email protected]> (1001/1001), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120271, relay=gmail-smtp-in.l.google.com. [74.125.206.27], dsn=2.0.0, stat=Sent (OK 1548299041 h8si75004030wrv.45 - gsmtp)
Jan 24 04:04:01 vps636848 sm-mta[11508]: poststats: /var/lib/sendmail/sendmail.st: No such file or directory
Jan 24 04:04:01 vps636848 sm-mta[11508]: x0O341lW011506: done; delay=00:00:00, ntries=1
Jan 24 04:04:01 vps636848 sm-mta[11508]: poststats: /var/lib/sendmail/sendmail.st: No such file or directory
Jan 24 04:04:01 vps636848 sm-mta[11508]: STARTTLS=client, SSL_shutdown failed: -1