
LINUX How to configure ssl-postfix-dovecot

#cd /etc/postfix
#vi main.cf
Paste under mynetworks:

####### smtp auth
# offer AUTH only inside a TLS session
smtpd_tls_auth_only = yes
smtp_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
local_recipient_maps =
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
# server key, certificate and CA file created in the ssl section below
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

########
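To confirm that a main.cf really carries the settings above, and to catch the pre-2.3 spellings smtp_use_tls / smtpd_use_tls (newer Postfix uses smtp_tls_security_level / smtpd_tls_security_level instead), here is a small audit script. It is an added example, not part of this how-to; the main.cf fragment it parses is a constructed copy of the one above with the same uneven spacing.

```python
import re

# Constructed sample: the how-to's main.cf fragment with its uneven spacing, plus a mynetworks value that wraps onto an indented second line.
SAMPLE_MAIN_CF = """\
mynetworks = 127.0.0.0/8,
    192.168.0.0/24
####### smtp auth
smtpd_tls_auth_only = yes
smtp_use_tls = yes
smtpd_sasl_auth_enable =   yes
local_recipient_maps =
smtpd_use_tls = yes
smtpd_tls_key_file =   /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file =   /etc/postfix/ssl/smtpd.crt
"""

# Pre-2.3 spellings and the *_tls_security_level parameters that replace them.
DEPRECATED = {"smtp_use_tls": "smtp_tls_security_level",
              "smtpd_use_tls": "smtpd_tls_security_level"}
# Both must be "yes" so AUTH is only offered inside a TLS session.
REQUIRED_YES = ("smtpd_tls_auth_only", "smtpd_sasl_auth_enable")
REQUIRED_FILES = ("smtpd_tls_key_file", "smtpd_tls_cert_file")

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank or comment line
        if raw[0].isspace() and last is not None:     # continuation line
            params[last] = (params[last] + " " + raw.strip()).strip()
            continue
        m = re.match(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$", raw)
        if m:
            last = m.group(1)
            params[last] = m.group(2).strip()
    return params

def audit(params):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    for name in REQUIRED_YES:
        if params.get(name, "").lower() != "yes":
            findings.append(f"{name} should be yes")
    for name in REQUIRED_FILES:
        if not params.get(name):
            findings.append(f"{name} is not set")
    for old, new in DEPRECATED.items():
        if old in params:
            findings.append(f"{old} is deprecated; use {new}")
    return findings
```

Run it against the real file with `audit(parse_main_cf(open("/etc/postfix/main.cf").read()))`; the sample above yields exactly the two deprecation findings.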

Then:
#vi master.cf
Paste under smtp (smtpd_tls_wrappermode=yes makes the port 465 service speak TLS from the first byte, as SMTPS clients expect):
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_sender=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o broken_sasl_auth_clients=yes


To list the SASL mechanisms available, run:

#saslauthd -v

Set SASL authentication to start at system boot:

#chkconfig --levels 235 saslauthd on

Set up the encryption keys:

#mkdir /etc/postfix/ssl
#cd ssl/
#openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
#chmod 600 smtpd.key
#openssl req -new -key smtpd.key -out smtpd.csr
#openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
#openssl rsa -in smtpd.key -out smtpd.key.unencrypted
#mv -f smtpd.key.unencrypted smtpd.key
#openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650


Set up the client certificate for importing into Internet Explorer (for Outlook) / Thunderbird (this suppresses the warnings about using a self-signed certificate):

#openssl pkcs12 -export -in smtpd.crt -inkey smtpd.key -out OutlookSMTP.p12

Reload the config:

#postfix reload

Check if the port is listening:

#netstat -ntpl | grep master

tcp     0    0     127.0.0.1:10025  0.0.0.0:*      LISTEN   8366/master
tcp     0    0     0.0.0.0:465      0.0.0.0:*      LISTEN   8366/master
tcp     0    0     0.0.0.0:25       0.0.0.0:*      LISTEN    8366/master


Test that TLS and AUTH are working:

#telnet localhost 465

Dovecot config for POP3 / IMAP
#vi /etc/dovecot

protocols = imap imaps pop3s

Whichever services you are using, you need to configure the IP and port on which each one will listen.

protocol imap {
    listen = 127.0.0.1:143
    ssl_listen = 123.45.67.89:993

    ...
}

protocol pop3 {
    # listen = 987.65.43.21:110
    ssl_listen = 123.45.67.89:995

    ...
}
