This needs to be done after creating the certificate authority.
Edit /etc/dovecot.conf to enable the protocols you require by changing the protocols value
Edit /etc/pki/dovecot/dovecot-openssl.cnf with the relevant information
Delete the old certificates
#rm /etc/pki/dovecot/private/dovecot.pem
#rm /etc/pki/dovecot/certs/dovecot.pem
Run the mkcert script
#/usr/share/doc/dovecot-1.0.7/examples/mkcert.sh
Restart dovecot
#service dovecot restart
Open the required ports on the firewall
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps
ACCEPT udp -- anywhere anywhere state NEW udp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3s
ACCEPT udp -- anywhere anywhere state NEW udp dpt:pop3s
You can test this using mutt: copy the CA certificate to the .mutt directory in the user's home directory and run mutt
#mutt -f imaps://user@server
Check the maillog of the server
Sep 4 13:32:40 auth1 sendmail[6037]: q84KWdRd006036: to=<adam@auth1.example.com>, ctladdr=<root@auth1.example.com> (0/0), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30529, dsn=2.0.0, stat=Sent
Sep 4 13:34:02 auth1 dovecot: imap-login: Login: user=<user>, method=PLAIN, rip=::ffff:172.16.118.135, lip=::ffff: TLS
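The maillog check above can be turned into a quick audit that lists any dovecot login recorded without the trailing TLS marker. This is an added example, not part of the original post; the sample log lines, user names and lip addresses are constructed, and it assumes a login line that does not end in TLS was not made over TLS.

```shell
#!/bin/sh
# Added example: list dovecot logins in a maillog that were not made over TLS.

# Constructed sample lines in the format shown above (not real log data).
sample_log() {
cat <<'EOF'
Sep 4 13:34:02 auth1 dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=::ffff:172.16.118.135, lip=::ffff:172.16.118.10, TLS
Sep 4 13:35:10 auth1 dovecot: pop3-login: Login: user=<bob>, method=PLAIN, rip=::ffff:172.16.118.140, lip=::ffff:172.16.118.10
Sep 4 13:36:00 auth1 sendmail[6037]: q84KWdRd006036: to=<alice@auth1.example.com>, stat=Sent
Sep 4 13:37:45 auth1 dovecot: imap-login: Login: user=<carol>, method=PLAIN, rip=::ffff:172.16.118.150, lip=::ffff:172.16.118.10
EOF
}

# Read maillog lines on stdin and print "service user method rip" for every
# dovecot login line whose last field is not the TLS marker.
non_tls_logins() {
    awk '
    / dovecot: (imap|pop3)-login: Login: / {
        if ($NF == "TLS") next            # encrypted session, nothing to report
        svc = user = method = rip = "?"
        for (i = 1; i <= NF; i++) {
            f = $i; sub(/,$/, "", f)      # drop the trailing comma on each field
            if (f ~ /-login:$/)      { svc = f; sub(/-login:$/, "", svc) }
            else if (f ~ /^user=</)  { user = substr(f, 7, length(f) - 7) }
            else if (f ~ /^method=/) { method = substr(f, 8) }
            else if (f ~ /^rip=/)    { rip = substr(f, 5) }
        }
        print svc, user, method, rip
    }'
}

# Run against the constructed sample. On a server, feed it the real log instead,
# e.g. non_tls_logins < /var/log/maillog (path assumed, adjust to your syslog setup).
sample_log | non_tls_logins
```

Any line it prints is a login where method=PLAIN credentials crossed the network without the TLS flag, which means a client is still using the unencrypted imap or pop3 port.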