CONFIGURING SSL on COURIER IMAP AND POP3D
-----------------------------------------

1. Make the certificate configuration file

    # cd /usr/local/etc/courier-imap/

    # cp imapd.cnf.dist imapd.cnf
    # ln -s imapd.cnf pop3d.cnf

* Now edit the file imapd.cnf, and replace the values for:

    C
    ST
    L
    O
    OU
    CN
    emailAddress

... for example:

    C=BT
    ST=none
    L=Paro
    O=Courier Mail Server
    OU=Auto generated SSL
    CN=wsXX.ws3.conference.sanog.org
    emailAddress=postmaster@YOURDOMAIN.ws3.conference.sanog.org

* Save the file

2. Now, let's make the certificate:

    # cd /usr/local/share/courier-imap
    # ./mkimapdcert
    ...
    # ./mkpop3dcert

* Create a directory for the SSL cache:

    # mkdir /usr/local/var/

5. Let's do mutt with SSL!

* Edit /home/sanog/.muttrc, and REMOVE the line:

    set starttls = no

* Run mutt again

    mutt -f imap://sanog@wsXX

You should see something like:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    This certificate belongs to:
       noc.ws3.conference.sanog.org
       Unknown
       Courier Mail Server
       Automatically-generated SSL key
       Paro

    This certificate was issued by:
       noc.ws3.conference.sanog.org
       Unknown
       Courier Mail Server
       Automatically-generated SSL key
       Paro

    This certificate is valid
       from Jul 17 09:42:17 2010 GMT
         to Jul 17 09:42:17 2011 GMT

    Fingerprint: 4FFC 1817 5901 84A0 4150 BA31 09DC 59B3

    -- Mutt: SSL Certificate check
    (r)eject, accept (o)nce
    - - - - - - - - - - - - - - - - - - - - - - - - - - - -

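The certificate is self-signed (issuer and subject are the same), so the accept/reject prompt only means something if the fingerprint is compared with the certificate on the server. The Python code below is an added example, not part of the original lab: it extracts the CERTIFICATE block from a PEM file and prints its digest in the layout mutt uses. Assumptions: the 32-hex-digit value mutt shows is an MD5 digest of the DER certificate, the PEM file written by mkimapdcert (its path is not given here) may also contain the private key, and all function names are illustrative.

```python
import base64
import hashlib
import hmac
import re
import sys

CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_der_from_pem(pem_text):
    """Return the DER bytes of the first CERTIFICATE block, skipping any
    other PEM blocks (for example a private key) stored in the same file."""
    match = CERT_RE.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(match.group(1).split()))


def mutt_style_fingerprint(der, algorithm="md5"):
    """Digest of the DER bytes, hex digits grouped in fours as mutt shows."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def fingerprints_match(displayed, der, algorithm="md5"):
    """Compare a displayed fingerprint, ignoring separators and case."""
    wanted = re.sub(r"[^0-9A-Fa-f]", "", displayed).upper()
    actual = mutt_style_fingerprint(der, algorithm).replace(" ", "")
    return hmac.compare_digest(wanted, actual)


# Constructed sample: placeholder bytes in PEM armour, NOT a real certificate
# or key; the parsing and hashing steps are the same for a real file.
SAMPLE_PEM = """-----BEGIN PRIVATE KEY-----
bm90IGEga2V5
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PEM
    der = cert_der_from_pem(text)
    print("MD5    ", mutt_style_fingerprint(der))
    print("SHA-256", mutt_style_fingerprint(der, "sha256"))
    if len(sys.argv) > 2:
        print("match" if fingerprints_match(sys.argv[2], der) else "MISMATCH")
```

Run it on the server with the PEM file as the first argument and the fingerprint from the mutt screen (quoted) as the second. MD5 is computed only to match mutt's display; the SHA-256 line is the stronger value to record for later comparisons.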
6. Repeat the exercise with tcpdump from Lab 3

* Can you see the contents of the mail traffic now?