CONFIGURING SSL on COURIER IMAP AND POP3D
-----------------------------------------

1. Make the certificate configuration file

    # cd /usr/local/etc/courier-imap/

    # cp imapd.cnf.dist imapd.cnf
    # ln -s imapd.cnf pop3d.cnf

* Now edit the file imapd.cnf, and replace the values for:

    C=
    ST
    L
    O
    OU
    CN
    emailAddress

... for example:

    C=BT
    ST=none
    L=Paro
    O=Courier Mail Server
    OU=Auto generated SSL
    CN=wsXX.ws3.conference.sanog.org
    emailAddress=postmaster@YOURDOMAIN.ws3.conference.sanog.org

* Save the file

2. Now, let's make the certificate:

    # cd /usr/local/share/courier-imap
    # ./mkimapdcert
    ...
    # ./mkpop3dcert

* Create a directory for the SSL cache:

    # mkdir /usr/local/var/

5. Let's do mutt with SSL!

* Edit /home/sanog/.muttrc, and REMOVE the line:

    set starttls = no

* Run mutt again

    mutt -f imap://sanog@wsXX

You should see something like:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    This certificate belongs to:
    noc.ws3.conference.sanog.org
    Unknown
    Courier Mail Server
    Automatically-generated SSL key
    Paro

    This certificate was issued by:
    noc.ws3.conference.sanog.org
    Unknown
    Courier Mail Server
    Automatically-generated SSL key
    Paro

    This certificate is valid
    from Jul 17 09:42:17 2010 GMT
    to Jul 17 09:42:17 2011 GMT

    Fingerprint: 4FFC 1817 5901 84A0 4150 BA31 09DC 59B3

    -- Mutt: SSL Certificate check
    (r)eject, accept (o)nce
    - - - - - - - - - - - - - - - - - - - - - - - - - - - -

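The certificate is self-signed, so the fingerprint is the only thing that ties the prompt above to your own server. The script below is an added example, not part of the original lab notes: it compares the fingerprint mutt shows (32 hex digits, i.e. an MD5 digest) with the one computed from the certificate file on the server. The CERT path is an assumption about where mkimapdcert wrote imapd.pem; adjust it if yours differs.

```shell
#!/bin/sh
# Added example: check the fingerprint mutt displays against the server's
# certificate file before choosing "accept".
# Assumption: mkimapdcert wrote the certificate to this path.
CERT="${CERT:-/usr/local/share/courier-imap/imapd.pem}"

# Reduce any fingerprint notation to bare lowercase hex digits.
# Handles "MD5 Fingerprint=4F:FC:..." (openssl) and "4FFC 1817 ..." (mutt).
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ' :\n' | tr 'A-F' 'a-f'
}

# MD5 fingerprint of the certificate stored in PEM file $1, normalized.
cert_fp() {
    normalize_fp "$(openssl x509 -in "$1" -noout -fingerprint -md5)"
}

# Returns 0 if both fingerprints are equal, 1 if they differ,
# 2 if the first one is not a well-formed 128-bit fingerprint.
fp_match() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in
        *[!0-9a-f]*|"") return 2 ;;
    esac
    [ "${#a}" -eq 32 ] || return 2
    [ "$a" = "$b" ]
}

# Usage on the server: sh checkfp.sh "4FFC 1817 5901 84A0 4150 BA31 09DC 59B3"
# (paste the Fingerprint value exactly as mutt prints it)
if [ "$#" -eq 1 ]; then
    if fp_match "$1" "$(cert_fp "$CERT")"; then
        echo "OK: fingerprint matches $CERT"
    else
        echo "MISMATCH: reject the certificate in mutt" >&2
        exit 1
    fi
fi
```
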
6. Repeat the exercise with tcpdump from Lab 3

* Can you see the contents of the mail traffic now?