Email: postfix-exercise4.txt

File postfix-exercise4.txt, 1.6 KB (added by regnauld, 9 years ago)

Postfix Lab 4: enable SSL/TLS

Line 
1CONFIGURING SSL on COURIER IMAP AND POP3D
2-----------------------------------------
3
41. Make the certificate configuration file
5
6    # cd /usr/local/etc/courier-imap/
7
8    # cp imapd.cnf.dist imapd.cnf
9    # ln -s imapd.cnf pop3d.cnf
10
11    * Now edit the file imapd.cnf, and replace the values for:
12
13    C=
14    ST
15    L
16    O
17    OU
18    CN
19    emailAddress
20
21    ... for example:
22
23    C=BT
24    ST=none
25    L=Paro
26    O=Courier Mail Server
27    OU=Auto generated SSL
28    CN=wsXX.ws3.conference.sanog.org
29    emailAddress=postmaster@YOURDOMAIN.ws3.conference.sanog.org
30
31    * Save the file
32
332. Now, let's make the certificate:
34
35    # cd /usr/local/share/courier-imap
36    # ./mkimapdcert
37    ...
38    # ./mkpop3dcert
39
40    * Create a directory for the SSL cache:
41
42    # mkdir /usr/local/var/
43
445. Let's do mutt with SSL!
45
46    * Edit /home/sanog/.muttrc, and REMOVE the line:
47
48    set starttls = no
49
50    * Run mutt again
51
52    mutt -f imap://sanog@wsXX
53
54    You should see something like:
55
56- - - - - - - - - - - - - - - - - - - - - - - - - - - -
57This certificate belongs to:
58   noc.ws3.conference.sanog.org
59   Unknown
60   Courier Mail Server
61   Automatically-generated SSL key
62   Paro
63
64This certificate was issued by:
65   noc.ws3.conference.sanog.org
66   Unknown
67   Courier Mail Server
68   Automatically-generated SSL key
69   Paro
70
71This certificate is valid
72   from Jul 17 09:42:17 2010 GMT
73     to Jul 17 09:42:17 2011 GMT
74
75Fingerprint: 4FFC 1817 5901 84A0 4150 BA31 09DC 59B3
76
77-- Mutt: SSL Certificate check
78(r)eject, accept (o)nce
79- - - - - - - - - - - - - - - - - - - - - - - - - - - -
80
816. Repeat the exercise with tcpdump from Lab 3
82
83    * Can you see the contents of the mail traffic now ?
84
85