Added LDAP support

This commit is contained in:
Deon George 2023-05-02 17:16:10 +10:00
parent e7cb2ced7c
commit 5be914ec97
19 changed files with 394 additions and 42 deletions

View File

@ -4,44 +4,66 @@
FROM alpine
# Change to http respositories, so they we can cache the install packages
RUN if [ -n ${HTTP_PROXY} ] ; then sed -ie s'/https/http/' /etc/apk/repositories; fi
RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositories; fi
RUN apk add --no-cache postfix cyrus-sasl opendkim opendkim-utils
# Config postfix
RUN sed -ie 's%^#mynetworks = hash:/etc/postfix/network_table%mynetworks = /etc/opendkim/signing/TrustedHosts%' /etc/postfix/main.cf \
&& sed -ie 's%^#relay_domains = %relay_domains = lmdb:/etc/postfix/custom/transport%' /etc/postfix/main.cf \
&& echo 'transport_maps = lmdb:/etc/postfix/custom/transport' >> /etc/postfix/main.cf \
&& echo -n 'bWVzc2FnZV9zaXplX2xpbWl0ID0gMjU2MDAwMDAKcXVldWVfbWluZnJlZSA9IDUxMjAwMDAwCg=='|base64 -d >> /etc/postfix/main.cf \
&& echo -n 'c210cF9zYXNsX2F1dGhfZW5hYmxlID0geWVzCnNtdHBfdGxzX3NlY3VyaXR5X2xldmVsID0gZW5j\
cnlwdApzbXRwX3Nhc2xfcGFzc3dvcmRfbWFwcyA9IGxtZGI6L2V0Yy9wb3N0Zml4L2N1c3RvbS9z\
YXNsX3Bhc3N3ZApzbXRwX3Nhc2xfc2VjdXJpdHlfb3B0aW9ucyA9CnNtdHBfdGxzX0NBZmlsZSA9\
IC9ldGMvc3NsL2NlcnRzL2NhLWNlcnRpZmljYXRlcy5jcnQKc210cF91c2VfdGxzID0geWVzCiNy\
ZWxheWhvc3QgPSAvZXRjL3Bvc3RmaXgvY3VzdG9tL3JlbGF5X2hvc3QK'|base64 -d >> /etc/postfix/main.cf
RUN apk add --no-cache postfix postfix-ldap cyrus-sasl cyrus-sasl-login opendkim opendkim-utils
# SASL config
COPY smtpd.conf /etc/sasl2/
RUN apk add shadow && useradd -rc "HUB Mail Relay" -M relay -NG mail -s /sbin/nologin && echo relay:SmTpR3l2Y | chpasswd \
&& gpasswd -a postfix opendkim
# Config postfix
RUN sed -i -e 's%^#mynetworks = hash:/etc/postfix/network_table%mynetworks = /etc/opendkim/signing/TrustedHosts%' /etc/postfix/main.cf
COPY include /etc/postfix/include
COPY ssl /etc/postfix/ssl
# Enable DKIM
RUN mkdir /run/opendkim \
&& echo -n 'IyBNaWx0ZXIgY29uZmlndXJhdGlvbiAtIG9wZW5ka2ltCiMgSWYgdGhlIE9wZW5ES0lNIG1pbHRl\
ciBpc24ndCBhdmFpbGFibGUsIGFjY2VwdCB0aGUgbWVzc2FnZSBhbnl3YXkuCm1pbHRlcl9kZWZh\
dWx0X2FjdGlvbiA9IGFjY2VwdAojIFdoYXQgbWlsdGVyIGNvbW11bmljYXRpb24gcHJvdG9jb2wg\
c2hvdWxkIGJlIHVzZWQgdG8gcGFzcyBtZXNzYWdlcwojIHRvIGFuZCBmcm9tIE9wZW5ES0lNPwpt\
aWx0ZXJfcHJvdG9jb2wgPSA2CiMgV2hlcmUgc2hvdWxkIHRoZSBPcGVuREtJTSBtaWx0ZXIgYmUg\
Y29udGFjdCB0aHJvdWdoPyAgTm90ZSB0aGF0IHRoaXMKIyBpcyBpbnNpZGUgdGhlIC92YXIvc3Bv\
b2wvcG9zdGZpeCBjaHJvb3QuCnNtdHBkX21pbHRlcnMgPSBpbmV0OjEyNy4wLjAuMTo4ODkxCiMg\
U2VuZCBtYWlsIHRoYXQgZG9lc24ndCBhcnJpdmUgZnJvbSB0aGUgbmV0d29yayB0aHJvdWdoIHRo\
ZSBzYW1lIG1pbHRlcgojIGFzIG91dGJvdW5kIG1haWwuCm5vbl9zbXRwZF9taWx0ZXJzID0gJHNt\
dHBkX21pbHRlcnMK' |base64 -d >> /etc/postfix/main.cf
RUN mkdir /run/opendkim
COPY opendkim.conf /etc/opendkim/
COPY signing /etc/opendkim/signing/
COPY defaults /defaults/
COPY init /sbin/
VOLUME ["/var/spool/postfix","/etc/postfix/custom"]
VOLUME [ "/var/spool/postfix","/etc/postfix/custom","/var/mail/vhosts" ]
EXPOSE 25
# Starting
ENTRYPOINT [ "/sbin/init" ]
# Control
#* add require EHLO - DONE
#* mydestination
#* ldap hostname via init in where clauses
#* virtual_alias_domain ? (Dont list in mydestination) OR (for unix accounts - DONT NEED?)
#* virtual_mailbox_domain (Dont list in mydestination)
#
#
# 1 /etc/postfix/main.cf:
# 2 virtual_mailbox_domains = example.com ...more domains...
# 3 virtual_mailbox_base = /var/mail/vhosts
# 4 virtual_mailbox_maps = hash:/etc/postfix/vmailbox
# 5 virtual_minimum_uid = 100
# 6 virtual_uid_maps = static:5000
# 7 virtual_gid_maps = static:5000
# 8 virtual_alias_maps = hash:/etc/postfix/virtual
# 9
# 10 /etc/postfix/vmailbox:
# 11 info@example.com example.com/info
# 12 sales@example.com example.com/sales/
# 13 # Comment out the entry below to implement a catch-all.
# 14 # @example.com example.com/catchall
# 15 ...virtual mailboxes for more domains...
# 16
# 17 /etc/postfix/virtual:
# 18 postmaster@example.com postmaster
#
#TEST Environement:
#* dege.lan - virtual
#* dege.au - virtual
#* dlcm.co - virtual
#* bbs.dege.au - sync
#* dcml.au - axigen

View File

@ -0,0 +1,13 @@
server_host = ldap
search_base = @LDAP_SEARCH_BASE@
version = 3
bind = no
#bind_dn = cn=admin,dc=example,dc=com
#bind_pw = password
query_filter = (&(objectClass=inetLocalMailRecipient) (!(mailHost=@THIS_HOST@)) (|(mail=%s) (mailLocalAddress=%s)))
#domain = example.com, hash:/etc/postfix/searchdomains
#expansion_limit = 1
#recursion_limit = 1
#size_limit = $expansion_limit
result_attribute = mailHost
result_format = relay:[%s]

View File

@ -0,0 +1,13 @@
server_host = ldap
search_base = @LDAP_SEARCH_BASE@
version = 3
bind = no
#bind_dn = cn=admin,dc=example,dc=com
#bind_pw = password
query_filter = (&(objectClass=inetLocalMailRecipient) (|(mail=%s)(mailLocalAddress=%s)))
#domain = example.com, hash:/etc/postfix/searchdomains
#expansion_limit = 1
#recursion_limit = 1
#size_limit = $expansion_limit
result_attribute = uidNumber
# result_format = %s

View File

@ -0,0 +1,13 @@
server_host = ldap
search_base = @LDAP_SEARCH_BASE@
version = 3
bind = no
#bind_dn = cn=admin,dc=example,dc=com
#bind_pw = password
query_filter = (&(objectClass=inetLocalMailRecipient) (mailHost=@THIS_HOST@) (|(mail=%s)(mailLocalAddress=%s)))
#domain = example.com, hash:/etc/postfix/searchdomains
#expansion_limit = 1
#recursion_limit = 1
#size_limit = $expansion_limit
result_attribute = mailRoutingAddress
# result_format = %s

View File

@ -0,0 +1,13 @@
server_host = ldap
search_base = @LDAP_SEARCH_BASE@
version = 3
bind = no
#bind_dn = cn=admin,dc=example,dc=com
#bind_pw = password
query_filter = (&(objectClass=inetLocalMailRecipient) (|(mail=%s)(mailLocalAddress=%s)))
#domain = example.com, hash:/etc/postfix/searchdomains
#expansion_limit = 1
#recursion_limit = 1
#size_limit = $expansion_limit
result_attribute = uidNumber
result_format = %D/%U

1
defaults/relay_domains Normal file
View File

@ -0,0 +1 @@
#example.com relay:[host.example.com]:port

View File

@ -0,0 +1 @@
#user@example.com -

View File

View File

@ -0,0 +1 @@
#user@example.com com.example/user

View File

@ -1,2 +1,4 @@
message_size_limit = 25600000
queue_minfree = 51200000
smtpd_helo_required = yes
recipient_delimiter = +

11
include/10-ssl.cf Normal file
View File

@ -0,0 +1,11 @@
smtp_use_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_chain_files =
/etc/postfix/custom/ssl/server.crts,
/etc/postfix/ssl/ca.crts
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = lmdb:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 1d

4
include/20-sasl.cf Normal file
View File

@ -0,0 +1,4 @@
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = lmdb:/etc/postfix/custom/sasl_passwd
smtp_sasl_security_options =
smtpd_sasl_auth_enable = yes

10
include/40-relay.cf Normal file
View File

@ -0,0 +1,10 @@
#relayhost = /etc/postfix/custom/relay_host
relay_domains = lmdb:/etc/postfix/custom/relay_domains
ldap:/etc/postfix/custom/ldap_relay_domains
relay_recipient_maps = lmdb:/etc/postfix/custom/relay_recipient_maps
ldap:/etc/postfix/custom/ldap_relay_recipient_maps
transport_maps = lmdb:/etc/postfix/custom/relay_domains
#transport_maps = $relay_domains
#relay_transport = lmdb:/etc/postfix/custom/relay_domains <-- THIS DOESNT WORK?
#relay_transport = relay:[c-8-2.leenooks.lan]:1025 <-- THIS DOES WORK
#relay_transport = relay

16
include/41-virtual.cf Normal file
View File

@ -0,0 +1,16 @@
#virtual_alias_domains = @VIRTUAL_ALIAS_DOMAINS@
##virtual_alias_domains = lmdb:/etc/postfix/custom/virtual_alias_domains
## ldap:/etc/postfix/custom/ldap_virtual_mailbox_domains
virtual_alias_maps = lmdb:/etc/postfix/custom/virtual_alias_maps
ldap:/etc/postfix/custom/ldap_virtual_alias_maps
virtual_mailbox_base = /var/mail/vhosts
#virtual_mailbox_domains = @VIRTUAL_DOMAINS@
## @note virtual_mailbox_domains cannot be a map, so the below two definitions *WONT* work
##virtual_mailbox_domains = lmdb:/etc/postfix/custom/virtual_mailbox_domains
## ldap:/etc/postfix/custom/ldap_virtual_mailbox_domains
virtual_mailbox_maps = lmdb:/etc/postfix/custom/virtual_mailbox_maps
ldap:/etc/postfix/custom/ldap_virtual_mailbox_maps
#virtual_transport = virtual
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

71
init
View File

@ -1,12 +1,19 @@
#!/bin/sh
set -e
# @NOTE: Directories in /var/mail/vhosts/* need to be owned by the UID/GID defined in custom/41-virtual.cf
DEFAULTS=/defaults
POSTFIX=/etc/postfix
CUSTOM=${POSTFIX}/custom
INCLUDE_DIR=${POSTFIX}/include
NAME="SMTP"
function stop {
echo "Stopping ${NAME}"
postfix stop
kill $(cat /run/saslauthd/saslauthd.pid)
kill $(cat /run/sendmail/mta/sendmail.pid|head -1)
kill $(cat /run/opendkim/opendkim.pid)
}
trap 'stop' SIGTERM
@ -17,16 +24,66 @@ if [ -z "$@" ]; then
exit 1
fi
touch /etc/postfix/custom/relay_host
touch /etc/postfix/custom/sasl_passwd
postmap -o lmdb:/etc/postfix/custom/sasl_passwd
touch /etc/postfix/custom/transport
postmap -o lmdb:/etc/postfix/custom/transport
# Start some supporting daemons
/usr/sbin/saslauthd -m /run/saslauthd -ca shadow
/usr/sbin/opendkim -u opendkim -P /run/opendkim/opendkim.pid
# Setup our postfix environment
if [ -d ${INCLUDE_DIR} ]; then
if ls -1 ${INCLUDE_DIR}/*.cf >/dev/null 2>&1; then
echo "* Adding to main.cf"
echo '##### CUSTOM CONFIGURATION ####' >> ${POSTFIX}/main.cf
for i in ${INCLUDE_DIR}/*.cf; do
echo "* Adding [${i}] to main.cf"
echo "# - ${i}" >> ${POSTFIX}/main.cf
cat $i >> ${POSTFIX}/main.cf
done
echo '##### END CUSTOM CONFIGURATION ####' >> ${POSTFIX}/main.cf
fi
fi
[ ! -f ${CUSTOM}/relay_domains ] && cp ${DEFAULTS}/relay_domains ${CUSTOM}/
postmap -o lmdb:${CUSTOM}/relay_domains
[ ! -f ${CUSTOM}/relay_recipient_maps ] && cp ${DEFAULTS}/relay_recipient_maps ${CUSTOM}/
postmap -o lmdb:${CUSTOM}/relay_recipient_maps
touch ${CUSTOM}/sasl_passwd
postmap -o lmdb:${CUSTOM}/sasl_passwd
[ -n "${VIRTUAL_ALIAS_DOMAINS}" ] && sed -i -e "s%#virtual_alias_domains = @VIRTUAL_ALIAS_DOMAINS@%virtual_alias_domains = ${VIRTUAL_ALIAS_DOMAINS}%" ${POSTFIX}/main.cf
[ ! -f ${CUSTOM}/virtual_alias_maps ] && cp ${DEFAULTS}/virtual_alias_maps ${CUSTOM}/
postmap -o lmdb:${CUSTOM}/virtual_alias_maps
[ -n "${VIRTUAL_DOMAINS}" ] && sed -i -e "s%#virtual_mailbox_domains = @VIRTUAL_DOMAINS@%virtual_mailbox_domains = ${VIRTUAL_DOMAINS}%" ${POSTFIX}/main.cf
[ ! -f ${CUSTOM}/virtual_mailbox_maps ] && cp ${DEFAULTS}/virtual_mailbox_maps ${CUSTOM}/
postmap -o lmdb:${CUSTOM}/virtual_mailbox_maps
# Create some default LDAP templates
if [ ! -f ${CUSTOM}/ldap_virtual_alias_maps -a -n "${LDAP_SEARCH_BASE}" ]; then
cp ${DEFAULTS}/ldap_virtual_alias_maps ${CUSTOM}/
sed -i -e "s%@THIS_HOST@%${HOSTNAME}%" -e "s%@LDAP_SEARCH_BASE@%${LDAP_SEARCH_BASE}%" ${CUSTOM}/ldap_virtual_alias_maps
fi
if [ ! -f ${CUSTOM}/ldap_virtual_mailbox_maps -a -n "${LDAP_SEARCH_BASE}" ]; then
cp ${DEFAULTS}/ldap_virtual_mailbox_maps ${CUSTOM}/
sed -i -e "s%@THIS_HOST@%${HOSTNAME}%" -e "s%@LDAP_SEARCH_BASE@%${LDAP_SEARCH_BASE}%" ${CUSTOM}/ldap_virtual_mailbox_maps
fi
if [ ! -f ${CUSTOM}/ldap_relay_domains -a -n "${LDAP_SEARCH_BASE}" ]; then
cp ${DEFAULTS}/ldap_relay_domains ${CUSTOM}/
sed -i -e "s%@THIS_HOST@%${HOSTNAME}%" -e "s%@LDAP_SEARCH_BASE@%${LDAP_SEARCH_BASE}%" ${CUSTOM}/ldap_relay_domains
fi
if [ ! -f ${CUSTOM}/ldap_relay_recipient_maps -a -n "${LDAP_SEARCH_BASE}" ]; then
cp ${DEFAULTS}/ldap_relay_recipient_maps ${CUSTOM}/
sed -i -e "s%@THIS_HOST@%${HOSTNAME}%" -e "s%@LDAP_SEARCH_BASE@%${LDAP_SEARCH_BASE}%" ${CUSTOM}/ldap_relay_recipient_maps
fi
newaliases
postfix start
/usr/sbin/opendkim -P /run/opendkim.pid -u opendkim -f
# Sleep,enabling our SIGTERM to shut us down gracefully
(while true; do sleep 3600; done) &
wait
else
exec $@

View File

@ -1,7 +0,0 @@
smtp_sasl_auth_enable = yes
smtp_tls_security_level = encrypt
smtp_sasl_password_maps = lmdb:/etc/postfix/custom/sasl_passwd
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls = yes
#relayhost = /etc/postfix/custom/relay_host

View File

@ -1,3 +1,2 @@
/etc/sasl2/smtpd.conf:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

183
ssl/ca.crts Normal file
View File

@ -0,0 +1,183 @@
-----BEGIN CERTIFICATE-----
MIIG5DCCBMygAwIBAgIJAObaLjRg5aFaMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNV
BAYTAkFVMQwwCgYDVQQIEwNWSUMxEjAQBgNVBAcTCU1lbGJvdXJuZTEUMBIGA1UE
ChMLTWFzdGVyIFJvb3QxDDAKBgNVBAsTA1NTTDEQMA4GA1UEAxMHUm9vdCBDQTAe
Fw0xNzA3MDMwNTEyMjlaFw0yNzA3MDEwNTEyMjlaMGUxCzAJBgNVBAYTAkFVMQww
CgYDVQQIEwNWSUMxEjAQBgNVBAcTCU1lbGJvdXJuZTEUMBIGA1UEChMLTWFzdGVy
IFJvb3QxDDAKBgNVBAsTA1NTTDEQMA4GA1UEAxMHUm9vdCBDQTCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBANFHF+DuvWHjiOv9VSL1DvLLKf7TNnnBLIzN
AgpPZiky83k/GyowFZWvE0S0CJj4eUMU4xYwOvAOPK5XSQhulDTydLzoKwGBiLvi
1JO469fDCbMEvmuIHfgHJmGnsvNkgEJX7ZKg9VTUdxB6nJ0fZUXiAYj0svi0g8xw
bGzpBvh1WNQ2SH3i4wqeIH+cNWRzY8oYjdk2wG4EXqMDsghHA93Sp2Mh4z/pjoO0
bZds89JI6QKXqpxDLqzyAQ/+VSOUs+bMLShZjFEa21YF7SrPt5ozvI9/pf8jm3n2
bT49CDVEmroMS/jA7tfmP9Erly9MQtrEdVTDZXZIUHaGKIcFM1SEBMmekkDpgJJD
J1miJUVceGMKKWg673YnDOZTfrrWI9QAM9tEKXT2gCflJBe3eWl6ZPsgue1WrEQf
Y3wEwYUGnqMnQN/bSzfuvhD/PHWR2rDB+vQYwyFddanQ1npd2qixht7BZLOpUb+S
7yc+hlbaiukR9nlp9FTw8ZK+c2DQcGqHiD5qXJ0zgfGInsKt8yWSL8kGHVPj77zF
6DBix9zTb/wj65az16lMpEVf4WRtmz2mu7J5H/aUIuEaMAWbDEQP7zS6xlxJurPx
wmZ+4r5pVZLN8W3/nTYZN+iJ2nOR0nVdd0OLfDOrLYAHFoydvtW/TPv83OqGbqnH
haUtevPxAgMBAAGjggGVMIIBkTASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQW
BBQqNnYk4S28QyQn7pu2URFS9abjnTCBlwYDVR0jBIGPMIGMgBQqNnYk4S28QyQn
7pu2URFS9abjnaFppGcwZTELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1ZJQzESMBAG
A1UEBxMJTWVsYm91cm5lMRQwEgYDVQQKEwtNYXN0ZXIgUm9vdDEMMAoGA1UECxMD
U1NMMRAwDgYDVQQDEwdSb290IENBggkA5touNGDloVowCwYDVR0PBAQDAgEGMBEG
CWCGSAGG+EIBAQQEAwIBBjAeBgNVHRIEFzAVhhNodHRwczovL3NzbC5kbGNtLmNv
MFgGCCsGAQUFBwEBBEwwSjAkBggrBgEFBQcwAYYYaHR0cHM6Ly9zc2wuZGxjbS5j
by9vY3NwMCIGCCsGAQUFBzAChhZodHRwczovL3NzbC5kbGNtLmNvL2NhMCgGA1Ud
HwQhMB8wHaAboBmGF2h0dHBzOi8vc3NsLmRsY20uY28vY3JsMA0GCSqGSIb3DQEB
CwUAA4ICAQBZxX0jgHY64eLGgsbiMPF9SH4sW8QmhLoUoAkBZlj8Qi4oLfm1zu1E
vglqe5LWPvAY1PVl6XMM0oNcWiZiuwLOIssZmwasnAUzX0y+ZEfJPLG2r1HW+oUH
ns273eU0uZ9Xzglzv44lSkhX0D2tKrsmrVGjDcCeLZ9Ga/ORpgug5eBofxkv2pRr
abK7XU6T5zPA9cssAQxKi6KcCfuXu85/9+Fu29uB5dOVZJP98FoAp40FHRTXZqV+
u28ZmJNl+6omExOCEZVaMvWtfSc8GAz4I9IuUJimjIMlJXnZLOcXE7F+F5vhQ2NH
TT+sma786LO41ybcW1HHVx2bf3XFkSIAzenZbFCO1UU8mwOaihuLHL0c05JanHil
hAlUNcrDyTdfxO6K6720fZKUvjalsMDVLehZU1pqb50HI//2p9kf7V+2HALkgGkj
ppMezJ7VUmFrIQOSYZQI/eHQWWBZUDWb+Hxil4Biu4WPmq/ieY60e3LEeNU5bGDT
A9l4o9V+lqqCcW1NGkJKx9TkL0NoV0NmwR8ggHGRvtIrZywLsy9I2jm88kQESADR
whIf0wlwqT11jbJ2zyw+vHt8ji2MiDPCiRpwB6LTMrmOIJNmxLIzcb9otObouA73
l6/odR4xISk0/xUqQLmfZHkb0sLdAC0HZ+RE1UKBZ2neA6yW5z0cMA==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 100 (0x64)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=AU, ST=VIC, L=Melbourne, O=Master Root, OU=SSL, CN=Root CA
Validity
Not Before: Jan 14 02:24:43 2023 GMT
Not After : Jan 11 02:24:43 2033 GMT
Subject: C=AU, ST=VIC, O=DEGE, OU=SSL, CN=DEGE Root CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:d7:9b:5f:27:b7:ba:18:d4:cd:0c:19:92:bb:99:
77:42:44:39:40:31:9f:71:00:cb:9a:51:41:90:66:
3d:d3:34:e2:92:cf:df:af:55:c5:2a:02:9b:3e:b6:
01:64:7a:0c:a7:6f:81:a6:95:5d:5b:43:39:a0:91:
d3:2f:14:26:bd:ac:89:54:84:83:6e:71:a0:28:30:
b5:cc:31:01:06:38:b6:87:d1:dc:ff:01:03:23:d5:
8b:00:0f:dd:b2:96:7d:e8:64:e4:7a:a7:34:d6:7c:
63:a9:46:ed:5e:b6:55:4f:c5:e7:5b:06:11:1c:39:
15:97:ee:c7:81:48:ff:27:fe:ad:ba:fa:31:5b:7c:
89:56:84:ba:3a:63:8a:c8:c2:4c:db:71:a5:29:1d:
83:cf:8e:e0:b2:ae:63:4b:62:2c:e8:18:0f:c4:d2:
5f:2f:27:73:d8:f2:78:d8:6c:d6:aa:b8:ec:9e:87:
aa:22:aa:f3:69:47:51:24:51:2b:b2:14:69:5b:d6:
82:1f:19:b0:a1:15:f9:a4:e7:57:9f:45:e0:7d:35:
ec:67:6c:0e:21:3a:72:2c:f0:83:46:9c:37:43:17:
30:51:7d:5f:c9:0c:70:fa:19:52:a0:ba:68:8d:dd:
cf:34:45:2a:cb:29:5e:fc:2c:13:d2:bf:d7:8b:5a:
93:11:84:67:e8:90:74:fc:6a:71:89:bd:a8:57:16:
9d:68:3e:54:7b:40:cd:83:dd:da:63:dd:7f:a2:e2:
e6:6e:ad:b8:05:83:e1:30:f5:94:42:9e:19:98:71:
cc:a2:6d:0a:9b:5d:59:39:99:83:1a:95:6e:83:7b:
64:5b:48:51:cc:cc:ae:84:e0:8d:f6:61:fe:e7:60:
26:db:0f:e9:ae:37:d0:27:80:4a:b5:8c:c7:0b:e4:
c9:43:80:fd:a0:f0:f8:6d:ab:df:6d:da:ef:e9:cf:
71:54:d6:75:6d:3f:56:de:20:a6:fa:43:d5:36:84:
91:e5:5c:4e:6d:bf:a8:7d:40:20:6e:7f:a8:8b:3f:
d3:1b:a9:39:9d:c3:ca:62:18:07:49:8f:ee:ae:5a:
e3:d6:29:75:9b:7b:4b:63:80:b2:d0:21:d3:15:3e:
a8:34:cf:f7:3d:48:37:80:4d:d9:cc:7c:c7:cc:e6:
00:50:80:8d:9c:3f:b2:5d:7b:1d:85:86:cc:0c:38:
e0:cc:50:0d:be:cb:f8:91:00:4b:bc:e3:c7:fd:8d:
a9:8c:3d:77:24:4e:c9:fa:1a:ff:8d:fe:c1:58:47:
2d:54:49:91:35:c0:8e:a9:52:0e:99:4d:5e:26:de:
e1:88:11:af:56:9c:31:c7:ee:58:42:26:39:ce:48:
7a:de:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:1
X509v3 Subject Key Identifier:
02:FB:C5:FF:04:42:04:E9:61:F8:A0:D8:FE:D7:D3:75:E8:CC:FE:7F
X509v3 Authority Key Identifier:
keyid:2A:36:76:24:E1:2D:BC:43:24:27:EE:9B:B6:51:11:52:F5:A6:E3:9D
DirName:/C=AU/ST=VIC/L=Melbourne/O=Master Root/OU=SSL/CN=Root CA
serial:E6:DA:2E:34:60:E5:A1:5A
X509v3 Key Usage:
Certificate Sign, CRL Sign
Netscape Cert Type:
SSL CA, S/MIME CA
X509v3 Issuer Alternative Name:
URI:https://ssl.dlcm.co
Authority Information Access:
OCSP - URI:https://ssl.dlcm.co/ocsp
CA Issuers - URI:https://ssl.dlcm.co/ca
X509v3 CRL Distribution Points:
Full Name:
URI:https://ssl.dlcm.co/crl
Signature Algorithm: sha256WithRSAEncryption
ab:ad:2f:d2:a1:00:5a:ee:df:ae:13:72:1e:c6:78:ea:fe:b1:
67:ec:2e:cc:cf:60:d7:6d:2a:10:c6:ff:11:96:9c:71:08:a6:
4f:03:89:ad:a5:2b:a2:3b:ad:0c:c5:9f:3b:66:5e:56:10:87:
9f:e4:d4:3c:fb:ec:cb:0d:a4:38:3f:cd:b4:de:7e:d6:94:8a:
c6:33:49:9a:f9:be:b9:b3:c6:3c:3b:ed:46:fd:0a:50:79:bf:
0e:da:9e:74:0f:51:31:cd:29:a7:d0:97:42:f6:65:0b:7e:5b:
3b:c2:20:89:c5:99:9d:eb:fc:01:3a:55:1d:f0:03:4b:7c:81:
35:87:b1:0d:39:91:b8:8d:3d:19:5d:1d:79:bf:e7:c9:79:47:
95:8b:ca:14:53:c3:a0:3c:7d:c3:77:13:8c:02:44:3c:61:4b:
4b:4a:ee:90:77:0e:62:61:dd:43:46:ef:1e:fd:8a:e5:bb:91:
61:42:8a:21:7f:0f:b7:a8:6d:94:36:5e:df:c5:9e:ed:85:f8:
1a:dd:64:00:06:d5:27:0a:b9:57:86:e5:dd:59:09:51:75:c9:
44:dd:a3:a3:75:3a:fa:61:d9:ac:51:c6:bf:e8:9b:3f:2e:94:
bc:2e:9d:8d:94:d9:03:dc:ef:31:7d:23:15:98:fe:74:72:8a:
8a:0b:3b:2a:d0:38:fd:c1:20:f6:e5:69:2d:1c:08:bd:a4:26:
3d:f9:d7:82:c5:c5:41:c9:ad:98:26:9d:81:aa:2b:3e:54:1b:
37:d4:2e:a8:eb:97:6d:4e:a6:47:1d:95:c9:49:22:58:ab:b2:
26:0d:86:11:61:28:02:8d:87:21:93:19:7d:46:cc:4c:40:60:
93:77:7e:11:2e:31:9c:b5:5c:62:72:79:08:25:ac:3c:af:83:
4c:e4:20:89:c4:80:e9:d8:e0:a6:c7:3a:5e:91:6d:d8:79:11:
d9:0d:24:1d:e7:ca:86:e8:ee:73:9e:ad:3d:94:7a:98:38:a9:
76:1a:42:3e:b5:8b:a4:0d:b9:46:5f:47:b3:a0:05:f8:74:d6:
5a:85:7a:6c:4b:7e:74:01:30:a5:18:6c:94:3b:46:21:5d:46:
18:fc:18:e9:fb:ae:3e:c4:75:56:6f:50:d7:52:20:b6:f0:52:
55:a7:d0:f1:c8:04:d6:b8:a6:08:2c:68:1e:fa:fd:c3:37:5b:
75:d8:27:64:47:a6:0b:16:f5:d7:1a:63:41:1a:d2:c1:4e:b3:
97:72:18:3d:bb:43:45:ac:3a:6c:55:5d:ce:fc:aa:51:9f:02:
b4:06:80:38:a0:76:c1:fc:79:89:1b:b1:72:c8:a2:f6:e3:1d:
ee:11:fc:a7:65:fe:b8:d2
-----BEGIN CERTIFICATE-----
MIIGxjCCBK6gAwIBAgIBZDANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJBVTEM
MAoGA1UECBMDVklDMRIwEAYDVQQHEwlNZWxib3VybmUxFDASBgNVBAoTC01hc3Rl
ciBSb290MQwwCgYDVQQLEwNTU0wxEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMjMwMTE0
MDIyNDQzWhcNMzMwMTExMDIyNDQzWjBPMQswCQYDVQQGEwJBVTEMMAoGA1UECBMD
VklDMQ0wCwYDVQQKEwRERUdFMQwwCgYDVQQLEwNTU0wxFTATBgNVBAMTDERFR0Ug
Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANebXye3uhjU
zQwZkruZd0JEOUAxn3EAy5pRQZBmPdM04pLP369VxSoCmz62AWR6DKdvgaaVXVtD
OaCR0y8UJr2siVSEg25xoCgwtcwxAQY4tofR3P8BAyPViwAP3bKWfehk5HqnNNZ8
Y6lG7V62VU/F51sGERw5FZfux4FI/yf+rbr6MVt8iVaEujpjisjCTNtxpSkdg8+O
4LKuY0tiLOgYD8TSXy8nc9jyeNhs1qq47J6HqiKq82lHUSRRK7IUaVvWgh8ZsKEV
+aTnV59F4H017GdsDiE6cizwg0acN0MXMFF9X8kMcPoZUqC6aI3dzzRFKsspXvws
E9K/14takxGEZ+iQdPxqcYm9qFcWnWg+VHtAzYPd2mPdf6Li5m6tuAWD4TD1lEKe
GZhxzKJtCptdWTmZgxqVboN7ZFtIUczMroTgjfZh/udgJtsP6a430CeASrWMxwvk
yUOA/aDw+G2r323a7+nPcVTWdW0/Vt4gpvpD1TaEkeVcTm2/qH1AIG5/qIs/0xup
OZ3DymIYB0mP7q5a49YpdZt7S2OAstAh0xU+qDTP9z1IN4BN2cx8x8zmAFCAjZw/
sl17HYWGzAw44MxQDb7L+JEAS7zjx/2NqYw9dyROyfoa/43+wVhHLVRJkTXAjqlS
DplNXibe4YgRr1acMcfuWEImOc5Iet6PAgMBAAGjggGVMIIBkTASBgNVHRMBAf8E
CDAGAQH/AgEBMB0GA1UdDgQWBBQC+8X/BEIE6WH4oNj+19N16Mz+fzCBlwYDVR0j
BIGPMIGMgBQqNnYk4S28QyQn7pu2URFS9abjnaFppGcwZTELMAkGA1UEBhMCQVUx
DDAKBgNVBAgTA1ZJQzESMBAGA1UEBxMJTWVsYm91cm5lMRQwEgYDVQQKEwtNYXN0
ZXIgUm9vdDEMMAoGA1UECxMDU1NMMRAwDgYDVQQDEwdSb290IENBggkA5touNGDl
oVowCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIBBjAeBgNVHRIEFzAVhhNo
dHRwczovL3NzbC5kbGNtLmNvMFgGCCsGAQUFBwEBBEwwSjAkBggrBgEFBQcwAYYY
aHR0cHM6Ly9zc2wuZGxjbS5jby9vY3NwMCIGCCsGAQUFBzAChhZodHRwczovL3Nz
bC5kbGNtLmNvL2NhMCgGA1UdHwQhMB8wHaAboBmGF2h0dHBzOi8vc3NsLmRsY20u
Y28vY3JsMA0GCSqGSIb3DQEBCwUAA4ICAQCrrS/SoQBa7t+uE3Iexnjq/rFn7C7M
z2DXbSoQxv8RlpxxCKZPA4mtpSuiO60MxZ87Zl5WEIef5NQ8++zLDaQ4P8203n7W
lIrGM0ma+b65s8Y8O+1G/QpQeb8O2p50D1ExzSmn0JdC9mULfls7wiCJxZmd6/wB
OlUd8ANLfIE1h7ENOZG4jT0ZXR15v+fJeUeVi8oUU8OgPH3DdxOMAkQ8YUtLSu6Q
dw5iYd1DRu8e/Yrlu5FhQoohfw+3qG2UNl7fxZ7thfga3WQABtUnCrlXhuXdWQlR
dclE3aOjdTr6YdmsUca/6Js/LpS8Lp2NlNkD3O8xfSMVmP50coqKCzsq0Dj9wSD2
5WktHAi9pCY9+deCxcVBya2YJp2Bqis+VBs31C6o65dtTqZHHZXJSSJYq7ImDYYR
YSgCjYchkxl9RsxMQGCTd34RLjGctVxicnkIJaw8r4NM5CCJxIDp2OCmxzpekW3Y
eRHZDSQd58qG6O5znq09lHqYOKl2GkI+tYukDblGX0ezoAX4dNZahXpsS350ATCl
GGyUO0YhXUYY/Bjp+64+xHVWb1DXUiC28FJVp9DxyATWuKYILGge+v3DN1t12Cdk
R6YLFvXXGmNBGtLBTrOXchg9u0NFrDpsVV3O/KpRnwK0BoA4oHbB/HmJG7FyyKL2
4x3uEfynZf640g==
-----END CERTIFICATE-----