From 5be914ec97a61ba7d97f427d5fd9b6622a0cadd8 Mon Sep 17 00:00:00 2001 From: Deon George Date: Tue, 2 May 2023 17:16:10 +1000 Subject: [PATCH] Added LDAP support --- Dockerfile | 72 +++++++---- defaults/ldap_relay_domains | 13 ++ defaults/ldap_relay_recipient_maps | 13 ++ defaults/ldap_virtual_alias_maps | 13 ++ defaults/ldap_virtual_mailbox_maps | 13 ++ defaults/relay_domains | 1 + defaults/relay_recipient_maps | 1 + defaults/virtual_alias_maps | 0 defaults/virtual_mailbox_maps | 1 + custom.cf => include/01-custom.cf | 2 + include/10-ssl.cf | 11 ++ include/20-sasl.cf | 4 + include/40-relay.cf | 10 ++ include/41-virtual.cf | 16 +++ opendkim.cf => include/50-milters.cf | 0 init | 71 ++++++++++- smtp_relay_auth.cf | 7 - smtpd.conf | 5 +- ssl/ca.crts | 183 +++++++++++++++++++++++++++ 19 files changed, 394 insertions(+), 42 deletions(-) create mode 100644 defaults/ldap_relay_domains create mode 100644 defaults/ldap_relay_recipient_maps create mode 100644 defaults/ldap_virtual_alias_maps create mode 100644 defaults/ldap_virtual_mailbox_maps create mode 100644 defaults/relay_domains create mode 100644 defaults/relay_recipient_maps create mode 100644 defaults/virtual_alias_maps create mode 100644 defaults/virtual_mailbox_maps rename custom.cf => include/01-custom.cf (52%) create mode 100644 include/10-ssl.cf create mode 100644 include/20-sasl.cf create mode 100644 include/40-relay.cf create mode 100644 include/41-virtual.cf rename opendkim.cf => include/50-milters.cf (100%) delete mode 100644 smtp_relay_auth.cf create mode 100644 ssl/ca.crts diff --git a/Dockerfile b/Dockerfile index ad0f4fa..366ca95 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,44 +4,66 @@ FROM alpine # Change to http respositories, so they we can cache the install packages -RUN if [ -n ${HTTP_PROXY} ] ; then sed -ie s'/https/http/' /etc/apk/repositories; fi +RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositories; fi -RUN apk add --no-cache postfix cyrus-sasl opendkim opendkim-utils - -# Config postfix -RUN sed -ie 's%^#mynetworks = hash:/etc/postfix/network_table%mynetworks = /etc/opendkim/signing/TrustedHosts%' /etc/postfix/main.cf \ - && sed -ie 's%^#relay_domains = %relay_domains = lmdb:/etc/postfix/custom/transport%' /etc/postfix/main.cf \ - && echo 'transport_maps = lmdb:/etc/postfix/custom/transport' >> /etc/postfix/main.cf \ - && echo -n 'bWVzc2FnZV9zaXplX2xpbWl0ID0gMjU2MDAwMDAKcXVldWVfbWluZnJlZSA9IDUxMjAwMDAwCg=='|base64 -d >> /etc/postfix/main.cf \ - && echo -n 'c210cF9zYXNsX2F1dGhfZW5hYmxlID0geWVzCnNtdHBfdGxzX3NlY3VyaXR5X2xldmVsID0gZW5j\ -cnlwdApzbXRwX3Nhc2xfcGFzc3dvcmRfbWFwcyA9IGxtZGI6L2V0Yy9wb3N0Zml4L2N1c3RvbS9z\ -YXNsX3Bhc3N3ZApzbXRwX3Nhc2xfc2VjdXJpdHlfb3B0aW9ucyA9CnNtdHBfdGxzX0NBZmlsZSA9\ -IC9ldGMvc3NsL2NlcnRzL2NhLWNlcnRpZmljYXRlcy5jcnQKc210cF91c2VfdGxzID0geWVzCiNy\ -ZWxheWhvc3QgPSAvZXRjL3Bvc3RmaXgvY3VzdG9tL3JlbGF5X2hvc3QK'|base64 -d >> /etc/postfix/main.cf +RUN apk add --no-cache postfix postfix-ldap cyrus-sasl cyrus-sasl-login opendkim opendkim-utils +# SASL config COPY smtpd.conf /etc/sasl2/ + RUN apk add shadow && useradd -rc "HUB Mail Relay" -M relay -NG mail -s /sbin/nologin && echo relay:SmTpR3l2Y | chpasswd \ && gpasswd -a postfix opendkim +# Config postfix +RUN sed -i -e 's%^#mynetworks = hash:/etc/postfix/network_table%mynetworks = /etc/opendkim/signing/TrustedHosts%' /etc/postfix/main.cf +COPY include /etc/postfix/include +COPY ssl /etc/postfix/ssl + # Enable DKIM -RUN mkdir /run/opendkim \ - && echo -n 'IyBNaWx0ZXIgY29uZmlndXJhdGlvbiAtIG9wZW5ka2ltCiMgSWYgdGhlIE9wZW5ES0lNIG1pbHRl\ -ciBpc24ndCBhdmFpbGFibGUsIGFjY2VwdCB0aGUgbWVzc2FnZSBhbnl3YXkuCm1pbHRlcl9kZWZh\ 
-dWx0X2FjdGlvbiA9IGFjY2VwdAojIFdoYXQgbWlsdGVyIGNvbW11bmljYXRpb24gcHJvdG9jb2wg\ -c2hvdWxkIGJlIHVzZWQgdG8gcGFzcyBtZXNzYWdlcwojIHRvIGFuZCBmcm9tIE9wZW5ES0lNPwpt\ -aWx0ZXJfcHJvdG9jb2wgPSA2CiMgV2hlcmUgc2hvdWxkIHRoZSBPcGVuREtJTSBtaWx0ZXIgYmUg\ -Y29udGFjdCB0aHJvdWdoPyAgTm90ZSB0aGF0IHRoaXMKIyBpcyBpbnNpZGUgdGhlIC92YXIvc3Bv\ -b2wvcG9zdGZpeCBjaHJvb3QuCnNtdHBkX21pbHRlcnMgPSBpbmV0OjEyNy4wLjAuMTo4ODkxCiMg\ -U2VuZCBtYWlsIHRoYXQgZG9lc24ndCBhcnJpdmUgZnJvbSB0aGUgbmV0d29yayB0aHJvdWdoIHRo\ -ZSBzYW1lIG1pbHRlcgojIGFzIG91dGJvdW5kIG1haWwuCm5vbl9zbXRwZF9taWx0ZXJzID0gJHNt\ -dHBkX21pbHRlcnMK' |base64 -d >> /etc/postfix/main.cf +RUN mkdir /run/opendkim COPY opendkim.conf /etc/opendkim/ COPY signing /etc/opendkim/signing/ +COPY defaults /defaults/ COPY init /sbin/ -VOLUME ["/var/spool/postfix","/etc/postfix/custom"] +VOLUME [ "/var/spool/postfix","/etc/postfix/custom","/var/mail/vhosts" ] EXPOSE 25 # Starting ENTRYPOINT [ "/sbin/init" ] + + +# Control +#* add require EHLO - DONE +#* mydestination +#* ldap hostname via init in where clauses +#* virtual_alias_domain ? (Dont list in mydestination) OR (for unix accounts - DONT NEED?) +#* virtual_mailbox_domain (Dont list in mydestination) +# +# +# 1 /etc/postfix/main.cf: +# 2 virtual_mailbox_domains = example.com ...more domains... +# 3 virtual_mailbox_base = /var/mail/vhosts +# 4 virtual_mailbox_maps = hash:/etc/postfix/vmailbox +# 5 virtual_minimum_uid = 100 +# 6 virtual_uid_maps = static:5000 +# 7 virtual_gid_maps = static:5000 +# 8 virtual_alias_maps = hash:/etc/postfix/virtual +# 9 +# 10 /etc/postfix/vmailbox: +# 11 info@example.com example.com/info +# 12 sales@example.com example.com/sales/ +# 13 # Comment out the entry below to implement a catch-all. +# 14 # @example.com example.com/catchall +# 15 ...virtual mailboxes for more domains... 
+# 16 +# 17 /etc/postfix/virtual: +# 18 postmaster@example.com postmaster +# +#TEST Environement: +#* dege.lan - virtual +#* dege.au - virtual +#* dlcm.co - virtual +#* bbs.dege.au - sync +#* dcml.au - axigen diff --git a/defaults/ldap_relay_domains b/defaults/ldap_relay_domains new file mode 100644 index 0000000..f5f6c3c --- /dev/null +++ b/defaults/ldap_relay_domains @@ -0,0 +1,13 @@ +server_host = ldap +search_base = @LDAP_SEARCH_BASE@ +version = 3 +bind = no +#bind_dn = cn=admin,dc=example,dc=com +#bind_pw = password +query_filter = (&(objectClass=inetLocalMailRecipient) (!(mailHost=@THIS_HOST@)) (|(mail=%s) (mailLocalAddress=%s))) +#domain = example.com, hash:/etc/postfix/searchdomains +#expansion_limit = 1 +#recursion_limit = 1 +#size_limit = $expansion_limit +result_attribute = mailHost +result_format = relay:[%s] diff --git a/defaults/ldap_relay_recipient_maps b/defaults/ldap_relay_recipient_maps new file mode 100644 index 0000000..58f31ff --- /dev/null +++ b/defaults/ldap_relay_recipient_maps @@ -0,0 +1,13 @@ +server_host = ldap +search_base = @LDAP_SEARCH_BASE@ +version = 3 +bind = no +#bind_dn = cn=admin,dc=example,dc=com +#bind_pw = password +query_filter = (&(objectClass=inetLocalMailRecipient) (|(mail=%s)(mailLocalAddress=%s))) +#domain = example.com, hash:/etc/postfix/searchdomains +#expansion_limit = 1 +#recursion_limit = 1 +#size_limit = $expansion_limit +result_attribute = uidNumber +# result_format = %s diff --git a/defaults/ldap_virtual_alias_maps b/defaults/ldap_virtual_alias_maps new file mode 100644 index 0000000..45a7084 --- /dev/null +++ b/defaults/ldap_virtual_alias_maps 
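Review bot: The rewritten proxy check `if [ -n ${HTTP_PROXY} ]` on the first RUN line is still unquoted, so with HTTP_PROXY empty or unset it collapses to `[ -n ]`, which is true, and the apk repositories are switched to plain http on every build. Quoting the expansion, `if [ -n "${HTTP_PROXY}" ] ; then`, limits the downgrade to builds where a caching proxy is actually configured. Whether HTTP_PROXY is declared as a build ARG is outside the hunk, which starts at line 4. The `# Control` / `#TEST Environement` notes appended after ENTRYPOINT list internal domain names and would sit better in a README than in the image recipe.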
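Review bot: The template points Postfix at `server_host = ldap` with no `start_tls = yes` (or an `ldaps://` URI), so lookups cross the network unencrypted, and so would the `bind_pw` value if the commented bind lines are ever enabled. The same applies to defaults/ldap_relay_recipient_maps, defaults/ldap_virtual_alias_maps and defaults/ldap_virtual_mailbox_maps. I would add `start_tls = yes` to each template. I would also add a comment next to `#bind_pw` saying the copied file must be readable only by root and the postfix user, since init copies it into the custom volume with a plain `cp` and default permissions.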
@@ -0,0 +1,13 @@ +server_host = ldap +search_base = @LDAP_SEARCH_BASE@ +version = 3 +bind = no +#bind_dn = cn=admin,dc=example,dc=com +#bind_pw = password +query_filter = (&(objectClass=inetLocalMailRecipient) (mailHost=@THIS_HOST@) (|(mail=%s)(mailLocalAddress=%s))) +#domain = example.com, hash:/etc/postfix/searchdomains +#expansion_limit = 1 +#recursion_limit = 1 +#size_limit = $expansion_limit +result_attribute = mailRoutingAddress +# result_format = %s diff --git a/defaults/ldap_virtual_mailbox_maps b/defaults/ldap_virtual_mailbox_maps new file mode 100644 index 0000000..7503792 --- /dev/null +++ b/defaults/ldap_virtual_mailbox_maps @@ -0,0 +1,13 @@ +server_host = ldap +search_base = @LDAP_SEARCH_BASE@ +version = 3 +bind = no +#bind_dn = cn=admin,dc=example,dc=com +#bind_pw = password +query_filter = (&(objectClass=inetLocalMailRecipient) (|(mail=%s)(mailLocalAddress=%s))) +#domain = example.com, hash:/etc/postfix/searchdomains +#expansion_limit = 1 +#recursion_limit = 1 +#size_limit = $expansion_limit +result_attribute = uidNumber +result_format = %D/%U diff --git a/defaults/relay_domains b/defaults/relay_domains new file mode 100644 index 0000000..11682d5 --- /dev/null +++ b/defaults/relay_domains @@ -0,0 +1 @@ +#example.com relay:[host.example.com]:port diff --git a/defaults/relay_recipient_maps b/defaults/relay_recipient_maps new file mode 100644 index 0000000..1bd1131 --- /dev/null +++ b/defaults/relay_recipient_maps @@ -0,0 +1 @@ +#user@example.com - diff --git a/defaults/virtual_alias_maps b/defaults/virtual_alias_maps new file mode 100644 index 0000000..e69de29 diff --git a/defaults/virtual_mailbox_maps b/defaults/virtual_mailbox_maps new file mode 100644 index 0000000..197b224 --- /dev/null +++ b/defaults/virtual_mailbox_maps @@ -0,0 +1 @@ +#user@example.com com.example/user diff --git a/custom.cf b/include/01-custom.cf similarity index 52% rename from custom.cf rename to include/01-custom.cf index ceed209..1808169 100644 --- a/custom.cf 
+++ b/include/01-custom.cf @@ -1,2 +1,4 @@ message_size_limit = 25600000 queue_minfree = 51200000 +smtpd_helo_required = yes +recipient_delimiter = + diff --git a/include/10-ssl.cf b/include/10-ssl.cf new file mode 100644 index 0000000..dbebc1d --- /dev/null +++ b/include/10-ssl.cf @@ -0,0 +1,11 @@ +smtp_use_tls = yes +smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt +smtp_tls_security_level = may +smtpd_tls_auth_only = yes +smtpd_tls_chain_files = + /etc/postfix/custom/ssl/server.crts, + /etc/postfix/ssl/ca.crts +smtpd_tls_key_file = $smtpd_tls_cert_file +smtpd_tls_security_level = may +smtpd_tls_session_cache_database = lmdb:/var/lib/postfix/smtpd_scache +smtpd_tls_session_cache_timeout = 1d diff --git a/include/20-sasl.cf b/include/20-sasl.cf new file mode 100644 index 0000000..bc70e15 --- /dev/null +++ b/include/20-sasl.cf @@ -0,0 +1,4 @@ +smtp_sasl_auth_enable = yes +smtp_sasl_password_maps = lmdb:/etc/postfix/custom/sasl_passwd +smtp_sasl_security_options = +smtpd_sasl_auth_enable = yes diff --git a/include/40-relay.cf b/include/40-relay.cf new file mode 100644 index 0000000..d0fc42b --- /dev/null +++ b/include/40-relay.cf @@ -0,0 +1,10 @@ +#relayhost = /etc/postfix/custom/relay_host +relay_domains = lmdb:/etc/postfix/custom/relay_domains + ldap:/etc/postfix/custom/ldap_relay_domains +relay_recipient_maps = lmdb:/etc/postfix/custom/relay_recipient_maps + ldap:/etc/postfix/custom/ldap_relay_recipient_maps +transport_maps = lmdb:/etc/postfix/custom/relay_domains +#transport_maps = $relay_domains +#relay_transport = lmdb:/etc/postfix/custom/relay_domains <-- THIS DOESNT WORK? +#relay_transport = relay:[c-8-2.leenooks.lan]:1025 <-- THIS DOES WORK +#relay_transport = relay diff --git a/include/41-virtual.cf b/include/41-virtual.cf new file mode 100644 index 0000000..29cb5ef --- /dev/null +++ b/include/41-virtual.cf 
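Review bot: `smtp_tls_security_level = may` relaxes the `encrypt` setting that the deleted smtp_relay_auth.cf carried, while include/20-sasl.cf keeps `smtp_sasl_auth_enable = yes` with an empty `smtp_sasl_security_options`, so the relay-host credentials from sasl_passwd can be offered on a session where STARTTLS was never negotiated. If opportunistic TLS for general delivery is intended, pair it with `smtp_sasl_security_options = noplaintext, noanonymous` and `smtp_sasl_tls_security_options = noanonymous` so plaintext mechanisms are only used under TLS; otherwise restore `encrypt`. `smtpd_tls_key_file = $smtpd_tls_cert_file` also looks like dead configuration: no `smtpd_tls_cert_file` is set in this file, and `smtpd_tls_chain_files` takes precedence over the legacy cert/key parameters.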
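Review bot: `smtpd_sasl_auth_enable = yes` turns on inbound SMTP AUTH, and the only account this patch shows behind it is the `relay` user, whose password the Dockerfile sets to a fixed string via `chpasswd` and which init checks through `saslauthd ... -a shadow`. Every image built from this repository therefore accepts the same published credential, and with Postfix's default relay restrictions an authenticated client may relay to any destination (main.cf is not visible here, so confirm `smtpd_relay_restrictions`). I would set or lock that password at container start from a runtime secret and document it here, e.g. `# SMTP AUTH needs RELAY_PASSWORD (placeholder name) supplied at runtime; the image ships no usable default`.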
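Review bot: `relay_domains` is matched against domain names, but the `ldap:/etc/postfix/custom/ldap_relay_domains` table it lists filters on `mail=%s` / `mailLocalAddress=%s`, which look like full addresses, so that lookup probably never matches. Its `relay:[%s]` result only has meaning in `transport_maps`, which lists the lmdb file alone, and this may be what the `THIS DOESNT WORK?` comment is running into. I would either add the ldap table to `transport_maps` and keep `relay_domains` a plain domain list, or state the intended lookup key in a comment above `relay_domains`. The commented `relay_transport` line carrying an internal host name can be dropped.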
@@ -0,0 +1,16 @@ +#virtual_alias_domains = @VIRTUAL_ALIAS_DOMAINS@ +##virtual_alias_domains = lmdb:/etc/postfix/custom/virtual_alias_domains +## ldap:/etc/postfix/custom/ldap_virtual_mailbox_domains +virtual_alias_maps = lmdb:/etc/postfix/custom/virtual_alias_maps + ldap:/etc/postfix/custom/ldap_virtual_alias_maps +virtual_mailbox_base = /var/mail/vhosts +#virtual_mailbox_domains = @VIRTUAL_DOMAINS@ +## @note virtual_mailbox_domains cannot be a map, so the below two definitions *WONT* work +##virtual_mailbox_domains = lmdb:/etc/postfix/custom/virtual_mailbox_domains +## ldap:/etc/postfix/custom/ldap_virtual_mailbox_domains +virtual_mailbox_maps = lmdb:/etc/postfix/custom/virtual_mailbox_maps + ldap:/etc/postfix/custom/ldap_virtual_mailbox_maps +#virtual_transport = virtual +virtual_minimum_uid = 100 +virtual_uid_maps = static:5000 +virtual_gid_maps = static:5000 diff --git a/opendkim.cf b/include/50-milters.cf similarity index 100% rename from opendkim.cf rename to include/50-milters.cf diff --git a/init b/init index 1b948ec..3b6f2c3 100755 --- a/init +++ b/init @@ -1,12 +1,19 @@ #!/bin/sh set -e +# @NOTE: Directories in /var/mail/vhosts/* need to be owned by the UID/GID defined in custom/41-virtual.cf + +DEFAULTS=/defaults +POSTFIX=/etc/postfix +CUSTOM=${POSTFIX}/custom +INCLUDE_DIR=${POSTFIX}/include NAME="SMTP" function stop { echo "Stopping ${NAME}" + postfix stop kill $(cat /run/saslauthd/saslauthd.pid) - kill $(cat /run/sendmail/mta/sendmail.pid|head -1) + kill $(cat /run/opendkim/opendkim.pid) } trap 'stop' SIGTERM 
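Review bot: In `stop`, the added `postfix stop` runs under `set -e`, so if it or the first `kill` returns non-zero (for example because a pid file is missing) the handler would normally exit before the remaining daemons are signalled. Guard each step and quote the substitutions, e.g. `postfix stop || true` and `kill "$(cat /run/opendkim/opendkim.pid)" || true`. The new `DEFAULTS`, `POSTFIX`, `CUSTOM` and `INCLUDE_DIR` variables are likewise expanded unquoted throughout the second hunk of this file; quoting them costs nothing.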
@@ -17,16 +24,66 @@ if [ -z "$@" ]; then exit 1 fi - touch /etc/postfix/custom/relay_host - touch /etc/postfix/custom/sasl_passwd - postmap -o lmdb:/etc/postfix/custom/sasl_passwd - touch /etc/postfix/custom/transport - postmap -o lmdb:/etc/postfix/custom/transport + # Start some supporting daemons /usr/sbin/saslauthd -m /run/saslauthd -ca shadow + /usr/sbin/opendkim -u opendkim -P /run/opendkim/opendkim.pid + + # Setup our postfix environment + if [ -d ${INCLUDE_DIR} ]; then + if ls -1 ${INCLUDE_DIR}/*.cf >/dev/null 2>&1; then + echo "* Adding to main.cf" + echo '##### CUSTOM CONFIGURATION ####' >> ${POSTFIX}/main.cf + + for i in ${INCLUDE_DIR}/*.cf; do + echo "* Adding [${i}] to main.cf" + echo "# - ${i}" >> ${POSTFIX}/main.cf + cat $i >> ${POSTFIX}/main.cf + done + + echo '##### END CUSTOM CONFIGURATION ####' >> ${POSTFIX}/main.cf + fi + fi + + [ ! -f ${CUSTOM}/relay_domains ] && cp ${DEFAULTS}/relay_domains ${CUSTOM}/ + postmap -o lmdb:${CUSTOM}/relay_domains + + [ ! -f ${CUSTOM}/relay_recipient_maps ] && cp ${DEFAULTS}/relay_recipient_maps ${CUSTOM}/ + postmap -o lmdb:${CUSTOM}/relay_recipient_maps + + touch ${CUSTOM}/sasl_passwd + postmap -o lmdb:${CUSTOM}/sasl_passwd + + [ -n "${VIRTUAL_ALIAS_DOMAINS}" ] && sed -i -e "s%#virtual_alias_domains = @VIRTUAL_ALIAS_DOMAINS@%virtual_alias_domains = ${VIRTUAL_ALIAS_DOMAINS}%" ${POSTFIX}/main.cf + [ ! -f ${CUSTOM}/virtual_alias_maps ] && cp ${DEFAULTS}/virtual_alias_maps ${CUSTOM}/ + postmap -o lmdb:${CUSTOM}/virtual_alias_maps + + [ -n "${VIRTUAL_DOMAINS}" ] && sed -i -e "s%#virtual_mailbox_domains = @VIRTUAL_DOMAINS@%virtual_mailbox_domains = ${VIRTUAL_DOMAINS}%" ${POSTFIX}/main.cf + [ ! -f ${CUSTOM}/virtual_mailbox_maps ] && cp ${DEFAULTS}/virtual_mailbox_maps ${CUSTOM}/ + postmap -o lmdb:${CUSTOM}/virtual_mailbox_maps + + # Create some default LDAP templates + if [ ! 
-f ${CUSTOM}/ldap_virtual_alias_maps -a -n "${LDAP_SEARCH_BASE}" ]; then + cp ${DEFAULTS}/ldap_virtual_alias_maps ${CUSTOM}/ + sed -i -e "s%@THIS_HOST@%${HOSTNAME}%" -e "s%@LDAP_SEARCH_BASE@%${LDAP_SEARCH_BASE}%" ${CUSTOM}/ldap_virtual_alias_maps + fi + if [ ! -f ${CUSTOM}/ldap_virtual_mailbox_maps -a -n "${LDAP_SEARCH_BASE}" ]; then + cp ${DEFAULTS}/ldap_virtual_mailbox_maps ${CUSTOM}/ + sed -i -e "s%@THIS_HOST@%${HOSTNAME}%" -e "s%@LDAP_SEARCH_BASE@%${LDAP_SEARCH_BASE}%" ${CUSTOM}/ldap_virtual_mailbox_maps + fi + if [ ! -f ${CUSTOM}/ldap_relay_domains -a -n "${LDAP_SEARCH_BASE}" ]; then + cp ${DEFAULTS}/ldap_relay_domains ${CUSTOM}/ + sed -i -e "s%@THIS_HOST@%${HOSTNAME}%" -e "s%@LDAP_SEARCH_BASE@%${LDAP_SEARCH_BASE}%" ${CUSTOM}/ldap_relay_domains + fi + if [ ! -f ${CUSTOM}/ldap_relay_recipient_maps -a -n "${LDAP_SEARCH_BASE}" ]; then + cp ${DEFAULTS}/ldap_relay_recipient_maps ${CUSTOM}/ + sed -i -e "s%@THIS_HOST@%${HOSTNAME}%" -e "s%@LDAP_SEARCH_BASE@%${LDAP_SEARCH_BASE}%" ${CUSTOM}/ldap_relay_recipient_maps + fi + newaliases postfix start - /usr/sbin/opendkim -P /run/opendkim.pid -u opendkim -f + # Sleep,enabling our SIGTERM to shut us down gracefully + (while true; do sleep 3600; done) & wait else exec $@ diff --git a/smtp_relay_auth.cf b/smtp_relay_auth.cf deleted file mode 100644 index 9a0f925..0000000 --- a/smtp_relay_auth.cf +++ /dev/null @@ -1,7 +0,0 @@ -smtp_sasl_auth_enable = yes -smtp_tls_security_level = encrypt -smtp_sasl_password_maps = lmdb:/etc/postfix/custom/sasl_passwd -smtp_sasl_security_options = -smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt -smtp_use_tls = yes -#relayhost = /etc/postfix/custom/relay_host diff --git a/smtpd.conf b/smtpd.conf index c4161b6..33c1f23 100644 --- a/smtpd.conf +++ b/smtpd.conf @@ -1,3 +1,2 @@ -/etc/sasl2/smtpd.conf: - pwcheck_method: saslauthd - mech_list: PLAIN LOGIN +pwcheck_method: saslauthd +mech_list: PLAIN LOGIN diff --git a/ssl/ca.crts b/ssl/ca.crts new file mode 100644 index 0000000..6289fa5 
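Review bot: The loop that appends every `${INCLUDE_DIR}/*.cf` to `${POSTFIX}/main.cf` runs on each start, and main.cf is not on any of the declared volumes, so restarting an existing container appends the whole block again and leaves Postfix with duplicate parameter definitions. Guard the block with the marker it already writes, e.g. `grep -q '^##### CUSTOM CONFIGURATION ####' "${POSTFIX}/main.cf" || { ...existing append loop...; }`. The `sed -i -e "s%@LDAP_SEARCH_BASE@%${LDAP_SEARCH_BASE}%"` style substitutions also paste environment values straight into the replacement text, so a `%`, `&` or backslash in `LDAP_SEARCH_BASE`, `HOSTNAME`, `VIRTUAL_DOMAINS` or `VIRTUAL_ALIAS_DOMAINS` silently corrupts the generated file; validate the values and fail fast, or escape those characters before substituting.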
--- /dev/null
+++ b/ssl/ca.crts
@@ -0,0 +1,183 @@ +-----BEGIN CERTIFICATE----- +MIIG5DCCBMygAwIBAgIJAObaLjRg5aFaMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNV +BAYTAkFVMQwwCgYDVQQIEwNWSUMxEjAQBgNVBAcTCU1lbGJvdXJuZTEUMBIGA1UE +ChMLTWFzdGVyIFJvb3QxDDAKBgNVBAsTA1NTTDEQMA4GA1UEAxMHUm9vdCBDQTAe +Fw0xNzA3MDMwNTEyMjlaFw0yNzA3MDEwNTEyMjlaMGUxCzAJBgNVBAYTAkFVMQww +CgYDVQQIEwNWSUMxEjAQBgNVBAcTCU1lbGJvdXJuZTEUMBIGA1UEChMLTWFzdGVy +IFJvb3QxDDAKBgNVBAsTA1NTTDEQMA4GA1UEAxMHUm9vdCBDQTCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBANFHF+DuvWHjiOv9VSL1DvLLKf7TNnnBLIzN +AgpPZiky83k/GyowFZWvE0S0CJj4eUMU4xYwOvAOPK5XSQhulDTydLzoKwGBiLvi +1JO469fDCbMEvmuIHfgHJmGnsvNkgEJX7ZKg9VTUdxB6nJ0fZUXiAYj0svi0g8xw +bGzpBvh1WNQ2SH3i4wqeIH+cNWRzY8oYjdk2wG4EXqMDsghHA93Sp2Mh4z/pjoO0 +bZds89JI6QKXqpxDLqzyAQ/+VSOUs+bMLShZjFEa21YF7SrPt5ozvI9/pf8jm3n2 +bT49CDVEmroMS/jA7tfmP9Erly9MQtrEdVTDZXZIUHaGKIcFM1SEBMmekkDpgJJD +J1miJUVceGMKKWg673YnDOZTfrrWI9QAM9tEKXT2gCflJBe3eWl6ZPsgue1WrEQf +Y3wEwYUGnqMnQN/bSzfuvhD/PHWR2rDB+vQYwyFddanQ1npd2qixht7BZLOpUb+S +7yc+hlbaiukR9nlp9FTw8ZK+c2DQcGqHiD5qXJ0zgfGInsKt8yWSL8kGHVPj77zF +6DBix9zTb/wj65az16lMpEVf4WRtmz2mu7J5H/aUIuEaMAWbDEQP7zS6xlxJurPx +wmZ+4r5pVZLN8W3/nTYZN+iJ2nOR0nVdd0OLfDOrLYAHFoydvtW/TPv83OqGbqnH +haUtevPxAgMBAAGjggGVMIIBkTASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQW +BBQqNnYk4S28QyQn7pu2URFS9abjnTCBlwYDVR0jBIGPMIGMgBQqNnYk4S28QyQn +7pu2URFS9abjnaFppGcwZTELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1ZJQzESMBAG +A1UEBxMJTWVsYm91cm5lMRQwEgYDVQQKEwtNYXN0ZXIgUm9vdDEMMAoGA1UECxMD +U1NMMRAwDgYDVQQDEwdSb290IENBggkA5touNGDloVowCwYDVR0PBAQDAgEGMBEG +CWCGSAGG+EIBAQQEAwIBBjAeBgNVHRIEFzAVhhNodHRwczovL3NzbC5kbGNtLmNv +MFgGCCsGAQUFBwEBBEwwSjAkBggrBgEFBQcwAYYYaHR0cHM6Ly9zc2wuZGxjbS5j +by9vY3NwMCIGCCsGAQUFBzAChhZodHRwczovL3NzbC5kbGNtLmNvL2NhMCgGA1Ud +HwQhMB8wHaAboBmGF2h0dHBzOi8vc3NsLmRsY20uY28vY3JsMA0GCSqGSIb3DQEB +CwUAA4ICAQBZxX0jgHY64eLGgsbiMPF9SH4sW8QmhLoUoAkBZlj8Qi4oLfm1zu1E +vglqe5LWPvAY1PVl6XMM0oNcWiZiuwLOIssZmwasnAUzX0y+ZEfJPLG2r1HW+oUH +ns273eU0uZ9Xzglzv44lSkhX0D2tKrsmrVGjDcCeLZ9Ga/ORpgug5eBofxkv2pRr 
+abK7XU6T5zPA9cssAQxKi6KcCfuXu85/9+Fu29uB5dOVZJP98FoAp40FHRTXZqV+ +u28ZmJNl+6omExOCEZVaMvWtfSc8GAz4I9IuUJimjIMlJXnZLOcXE7F+F5vhQ2NH +TT+sma786LO41ybcW1HHVx2bf3XFkSIAzenZbFCO1UU8mwOaihuLHL0c05JanHil +hAlUNcrDyTdfxO6K6720fZKUvjalsMDVLehZU1pqb50HI//2p9kf7V+2HALkgGkj +ppMezJ7VUmFrIQOSYZQI/eHQWWBZUDWb+Hxil4Biu4WPmq/ieY60e3LEeNU5bGDT +A9l4o9V+lqqCcW1NGkJKx9TkL0NoV0NmwR8ggHGRvtIrZywLsy9I2jm88kQESADR +whIf0wlwqT11jbJ2zyw+vHt8ji2MiDPCiRpwB6LTMrmOIJNmxLIzcb9otObouA73 +l6/odR4xISk0/xUqQLmfZHkb0sLdAC0HZ+RE1UKBZ2neA6yW5z0cMA== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 100 (0x64) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=AU, ST=VIC, L=Melbourne, O=Master Root, OU=SSL, CN=Root CA + Validity + Not Before: Jan 14 02:24:43 2023 GMT + Not After : Jan 11 02:24:43 2033 GMT + Subject: C=AU, ST=VIC, O=DEGE, OU=SSL, CN=DEGE Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (4096 bit) + Modulus: + 00:d7:9b:5f:27:b7:ba:18:d4:cd:0c:19:92:bb:99: + 77:42:44:39:40:31:9f:71:00:cb:9a:51:41:90:66: + 3d:d3:34:e2:92:cf:df:af:55:c5:2a:02:9b:3e:b6: + 01:64:7a:0c:a7:6f:81:a6:95:5d:5b:43:39:a0:91: + d3:2f:14:26:bd:ac:89:54:84:83:6e:71:a0:28:30: + b5:cc:31:01:06:38:b6:87:d1:dc:ff:01:03:23:d5: + 8b:00:0f:dd:b2:96:7d:e8:64:e4:7a:a7:34:d6:7c: + 63:a9:46:ed:5e:b6:55:4f:c5:e7:5b:06:11:1c:39: + 15:97:ee:c7:81:48:ff:27:fe:ad:ba:fa:31:5b:7c: + 89:56:84:ba:3a:63:8a:c8:c2:4c:db:71:a5:29:1d: + 83:cf:8e:e0:b2:ae:63:4b:62:2c:e8:18:0f:c4:d2: + 5f:2f:27:73:d8:f2:78:d8:6c:d6:aa:b8:ec:9e:87: + aa:22:aa:f3:69:47:51:24:51:2b:b2:14:69:5b:d6: + 82:1f:19:b0:a1:15:f9:a4:e7:57:9f:45:e0:7d:35: + ec:67:6c:0e:21:3a:72:2c:f0:83:46:9c:37:43:17: + 30:51:7d:5f:c9:0c:70:fa:19:52:a0:ba:68:8d:dd: + cf:34:45:2a:cb:29:5e:fc:2c:13:d2:bf:d7:8b:5a: + 93:11:84:67:e8:90:74:fc:6a:71:89:bd:a8:57:16: + 9d:68:3e:54:7b:40:cd:83:dd:da:63:dd:7f:a2:e2: + e6:6e:ad:b8:05:83:e1:30:f5:94:42:9e:19:98:71: + cc:a2:6d:0a:9b:5d:59:39:99:83:1a:95:6e:83:7b: + 
64:5b:48:51:cc:cc:ae:84:e0:8d:f6:61:fe:e7:60: + 26:db:0f:e9:ae:37:d0:27:80:4a:b5:8c:c7:0b:e4: + c9:43:80:fd:a0:f0:f8:6d:ab:df:6d:da:ef:e9:cf: + 71:54:d6:75:6d:3f:56:de:20:a6:fa:43:d5:36:84: + 91:e5:5c:4e:6d:bf:a8:7d:40:20:6e:7f:a8:8b:3f: + d3:1b:a9:39:9d:c3:ca:62:18:07:49:8f:ee:ae:5a: + e3:d6:29:75:9b:7b:4b:63:80:b2:d0:21:d3:15:3e: + a8:34:cf:f7:3d:48:37:80:4d:d9:cc:7c:c7:cc:e6: + 00:50:80:8d:9c:3f:b2:5d:7b:1d:85:86:cc:0c:38: + e0:cc:50:0d:be:cb:f8:91:00:4b:bc:e3:c7:fd:8d: + a9:8c:3d:77:24:4e:c9:fa:1a:ff:8d:fe:c1:58:47: + 2d:54:49:91:35:c0:8e:a9:52:0e:99:4d:5e:26:de: + e1:88:11:af:56:9c:31:c7:ee:58:42:26:39:ce:48: + 7a:de:8f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:1 + X509v3 Subject Key Identifier: + 02:FB:C5:FF:04:42:04:E9:61:F8:A0:D8:FE:D7:D3:75:E8:CC:FE:7F + X509v3 Authority Key Identifier: + keyid:2A:36:76:24:E1:2D:BC:43:24:27:EE:9B:B6:51:11:52:F5:A6:E3:9D + DirName:/C=AU/ST=VIC/L=Melbourne/O=Master Root/OU=SSL/CN=Root CA + serial:E6:DA:2E:34:60:E5:A1:5A + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Netscape Cert Type: + SSL CA, S/MIME CA + X509v3 Issuer Alternative Name: + URI:https://ssl.dlcm.co + Authority Information Access: + OCSP - URI:https://ssl.dlcm.co/ocsp + CA Issuers - URI:https://ssl.dlcm.co/ca + + X509v3 CRL Distribution Points: + + Full Name: + URI:https://ssl.dlcm.co/crl + + Signature Algorithm: sha256WithRSAEncryption + ab:ad:2f:d2:a1:00:5a:ee:df:ae:13:72:1e:c6:78:ea:fe:b1: + 67:ec:2e:cc:cf:60:d7:6d:2a:10:c6:ff:11:96:9c:71:08:a6: + 4f:03:89:ad:a5:2b:a2:3b:ad:0c:c5:9f:3b:66:5e:56:10:87: + 9f:e4:d4:3c:fb:ec:cb:0d:a4:38:3f:cd:b4:de:7e:d6:94:8a: + c6:33:49:9a:f9:be:b9:b3:c6:3c:3b:ed:46:fd:0a:50:79:bf: + 0e:da:9e:74:0f:51:31:cd:29:a7:d0:97:42:f6:65:0b:7e:5b: + 3b:c2:20:89:c5:99:9d:eb:fc:01:3a:55:1d:f0:03:4b:7c:81: + 35:87:b1:0d:39:91:b8:8d:3d:19:5d:1d:79:bf:e7:c9:79:47: + 95:8b:ca:14:53:c3:a0:3c:7d:c3:77:13:8c:02:44:3c:61:4b: + 
4b:4a:ee:90:77:0e:62:61:dd:43:46:ef:1e:fd:8a:e5:bb:91: + 61:42:8a:21:7f:0f:b7:a8:6d:94:36:5e:df:c5:9e:ed:85:f8: + 1a:dd:64:00:06:d5:27:0a:b9:57:86:e5:dd:59:09:51:75:c9: + 44:dd:a3:a3:75:3a:fa:61:d9:ac:51:c6:bf:e8:9b:3f:2e:94: + bc:2e:9d:8d:94:d9:03:dc:ef:31:7d:23:15:98:fe:74:72:8a: + 8a:0b:3b:2a:d0:38:fd:c1:20:f6:e5:69:2d:1c:08:bd:a4:26: + 3d:f9:d7:82:c5:c5:41:c9:ad:98:26:9d:81:aa:2b:3e:54:1b: + 37:d4:2e:a8:eb:97:6d:4e:a6:47:1d:95:c9:49:22:58:ab:b2: + 26:0d:86:11:61:28:02:8d:87:21:93:19:7d:46:cc:4c:40:60: + 93:77:7e:11:2e:31:9c:b5:5c:62:72:79:08:25:ac:3c:af:83: + 4c:e4:20:89:c4:80:e9:d8:e0:a6:c7:3a:5e:91:6d:d8:79:11: + d9:0d:24:1d:e7:ca:86:e8:ee:73:9e:ad:3d:94:7a:98:38:a9: + 76:1a:42:3e:b5:8b:a4:0d:b9:46:5f:47:b3:a0:05:f8:74:d6: + 5a:85:7a:6c:4b:7e:74:01:30:a5:18:6c:94:3b:46:21:5d:46: + 18:fc:18:e9:fb:ae:3e:c4:75:56:6f:50:d7:52:20:b6:f0:52: + 55:a7:d0:f1:c8:04:d6:b8:a6:08:2c:68:1e:fa:fd:c3:37:5b: + 75:d8:27:64:47:a6:0b:16:f5:d7:1a:63:41:1a:d2:c1:4e:b3: + 97:72:18:3d:bb:43:45:ac:3a:6c:55:5d:ce:fc:aa:51:9f:02: + b4:06:80:38:a0:76:c1:fc:79:89:1b:b1:72:c8:a2:f6:e3:1d: + ee:11:fc:a7:65:fe:b8:d2 +-----BEGIN CERTIFICATE----- +MIIGxjCCBK6gAwIBAgIBZDANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJBVTEM +MAoGA1UECBMDVklDMRIwEAYDVQQHEwlNZWxib3VybmUxFDASBgNVBAoTC01hc3Rl +ciBSb290MQwwCgYDVQQLEwNTU0wxEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMjMwMTE0 +MDIyNDQzWhcNMzMwMTExMDIyNDQzWjBPMQswCQYDVQQGEwJBVTEMMAoGA1UECBMD +VklDMQ0wCwYDVQQKEwRERUdFMQwwCgYDVQQLEwNTU0wxFTATBgNVBAMTDERFR0Ug +Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANebXye3uhjU +zQwZkruZd0JEOUAxn3EAy5pRQZBmPdM04pLP369VxSoCmz62AWR6DKdvgaaVXVtD +OaCR0y8UJr2siVSEg25xoCgwtcwxAQY4tofR3P8BAyPViwAP3bKWfehk5HqnNNZ8 +Y6lG7V62VU/F51sGERw5FZfux4FI/yf+rbr6MVt8iVaEujpjisjCTNtxpSkdg8+O +4LKuY0tiLOgYD8TSXy8nc9jyeNhs1qq47J6HqiKq82lHUSRRK7IUaVvWgh8ZsKEV ++aTnV59F4H017GdsDiE6cizwg0acN0MXMFF9X8kMcPoZUqC6aI3dzzRFKsspXvws +E9K/14takxGEZ+iQdPxqcYm9qFcWnWg+VHtAzYPd2mPdf6Li5m6tuAWD4TD1lEKe +GZhxzKJtCptdWTmZgxqVboN7ZFtIUczMroTgjfZh/udgJtsP6a430CeASrWMxwvk 
+yUOA/aDw+G2r323a7+nPcVTWdW0/Vt4gpvpD1TaEkeVcTm2/qH1AIG5/qIs/0xup +OZ3DymIYB0mP7q5a49YpdZt7S2OAstAh0xU+qDTP9z1IN4BN2cx8x8zmAFCAjZw/ +sl17HYWGzAw44MxQDb7L+JEAS7zjx/2NqYw9dyROyfoa/43+wVhHLVRJkTXAjqlS +DplNXibe4YgRr1acMcfuWEImOc5Iet6PAgMBAAGjggGVMIIBkTASBgNVHRMBAf8E +CDAGAQH/AgEBMB0GA1UdDgQWBBQC+8X/BEIE6WH4oNj+19N16Mz+fzCBlwYDVR0j +BIGPMIGMgBQqNnYk4S28QyQn7pu2URFS9abjnaFppGcwZTELMAkGA1UEBhMCQVUx +DDAKBgNVBAgTA1ZJQzESMBAGA1UEBxMJTWVsYm91cm5lMRQwEgYDVQQKEwtNYXN0 +ZXIgUm9vdDEMMAoGA1UECxMDU1NMMRAwDgYDVQQDEwdSb290IENBggkA5touNGDl +oVowCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIBBjAeBgNVHRIEFzAVhhNo +dHRwczovL3NzbC5kbGNtLmNvMFgGCCsGAQUFBwEBBEwwSjAkBggrBgEFBQcwAYYY +aHR0cHM6Ly9zc2wuZGxjbS5jby9vY3NwMCIGCCsGAQUFBzAChhZodHRwczovL3Nz +bC5kbGNtLmNvL2NhMCgGA1UdHwQhMB8wHaAboBmGF2h0dHBzOi8vc3NsLmRsY20u +Y28vY3JsMA0GCSqGSIb3DQEBCwUAA4ICAQCrrS/SoQBa7t+uE3Iexnjq/rFn7C7M +z2DXbSoQxv8RlpxxCKZPA4mtpSuiO60MxZ87Zl5WEIef5NQ8++zLDaQ4P8203n7W +lIrGM0ma+b65s8Y8O+1G/QpQeb8O2p50D1ExzSmn0JdC9mULfls7wiCJxZmd6/wB +OlUd8ANLfIE1h7ENOZG4jT0ZXR15v+fJeUeVi8oUU8OgPH3DdxOMAkQ8YUtLSu6Q +dw5iYd1DRu8e/Yrlu5FhQoohfw+3qG2UNl7fxZ7thfga3WQABtUnCrlXhuXdWQlR +dclE3aOjdTr6YdmsUca/6Js/LpS8Lp2NlNkD3O8xfSMVmP50coqKCzsq0Dj9wSD2 +5WktHAi9pCY9+deCxcVBya2YJp2Bqis+VBs31C6o65dtTqZHHZXJSSJYq7ImDYYR +YSgCjYchkxl9RsxMQGCTd34RLjGctVxicnkIJaw8r4NM5CCJxIDp2OCmxzpekW3Y +eRHZDSQd58qG6O5znq09lHqYOKl2GkI+tYukDblGX0ezoAX4dNZahXpsS350ATCl +GGyUO0YhXUYY/Bjp+64+xHVWb1DXUiC28FJVp9DxyATWuKYILGge+v3DN1t12Cdk +R6YLFvXXGmNBGtLBTrOXchg9u0NFrDpsVV3O/KpRnwK0BoA4oHbB/HmJG7FyyKL2 +4x3uEfynZf640g== +-----END CERTIFICATE-----