2009 November 09

Postfix and Dovecot with StartSSL certificates

Dovecot:

% wget http://www.startssl.com/certs/ca-bundle.crt
% cat ssl.crt sub.class1.server.ca.pem > /etc/ssl/dovecot/dovecot_crt.pem
% ln -s ssl.key /etc/ssl/dovecot/dovecot_key.pem
% cp ca-bundle.crt /etc/ssl/apache2/

dovecot.conf:

ssl_ca = </etc/ssl/apache2/ca-bundle.crt
ssl_cert = </etc/ssl/dovecot/dovecot_crt.pem
ssl_key = </etc/ssl/dovecot/dovecot_key.pem

http://nooms.de/articles/startssl.html

Postfix:

% ln -s ssl.crt cert.pem
% ln -s ssl.key key.pem

main.cf:

## TLS parameters ##

smtpd_use_tls=yes
smtpd_tls_cert_file=/etc/ssl/postfix/cert.pem
smtpd_tls_key_file=/etc/ssl/postfix/key.pem
smtp_tls_CAfile = /etc/ssl/apache2/ca.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

http://forum.startcom.org/viewtopic.php?t=80

Also see:

Configure PureFTPd To Accept TLS Sessions

By WladyX on 9 November, 2009 | General, Mail, Security | 3 comments

Test imaps

openssl s_client -connect imaphost:993

http://mailman2.u.washington.edu/pipermail/imap-protocol/2006-March/000129.html

By WladyX on | General, Mail | A comment?