LINUX How to configure ssl-postfix-dovecot

#cd /etc/postfix
#vi main.cf
Paste under mynetworks:

####### smtp auth
smtpd_tls_auth_only = yes
smtp_use_tls = yes
smtpd_sasl_auth_enable =   yes
smtpd_sasl_type = cyrus
local_recipient_maps =
smtpd_use_tls = yes
smtp_tls_note_starttls_offer   = yes
smtpd_tls_key_file =   /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file =   /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile =   /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header   = yes
smtpd_tls_session_cache_timeout   = 3600s
tls_random_source =   dev:/dev/urandom

########

Then:
#vi master.cf
Paste under smtp:
smtps   inet n   -   n   - - smtpd
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_sender=yes
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
      -o broken_sasl_auth_clients=yes


To check the SASL available mechanisms run:

#saslauthd -V

Set SASL authentication to start at system boot:

#chkconfig --levels 235 saslauthd on

Set up the encryption keys:

#mkdir /etc/postfix/ssl
#cd ssl/
#openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
#chmod 600 smtpd.key
#openssl req -new -key smtpd.key -out smtpd.csr
#openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
#openssl rsa -in smtpd.key -out smtpd.key.unencrypted
#mv -f smtpd.key.unencrypted smtpd.key
#openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650


Set up the client certificate for importing into Internet Explorer (for Outlook) / Thunderbird (this will suppress warnings about using a self signed certificate):

#openssl pkcs12 -export -in smtpd.crt -inkey smtpd.key -out OutlookSMTP.p12

Reload the config:

#postfix reload

Check if the port is listening:

#netstat -ntpl | grep master

tcp     0    0     127.0.0.1:10025  0.0.0.0:*      LISTEN   8366/master
tcp     0    0     0.0.0.0:465      0.0.0.0:*      LISTEN   8366/master
tcp     0    0     0.0.0.0:25       0.0.0.0:*      LISTEN    8366/master


Test if TLS and AUTH is working:

#telnet localhost 465

Dovecot config for POP3 IMAP
#vi /etc/dovecot

protocols imap imaps pop3s

Whichever services you are using, you need to configure the IP and port on which each one will listen.

protocol imap {
    listen = 127.0.0.1:143
    ssl_listen = 123.45.67.89:993

    ...
}

protocol pop3 {
    # listen = 987.65.43.21:110
    ssl_listen = 123.45.67.89:995

    ...
}

Comments

Popular posts from this blog

Java : Variables Declaring

SQL Self JOIN