|
Configure SSL
2014/08/22 |
|
Configure SSL to encrypt connections. SMTPS uses 465/TCP, POP3S uses 995/TCP, IMAPS uses 993/TCP.
|
|
| [1] | |
| [2] | Configure Postfix and Dovecot for SSL. |
|
[root@mail ~]#
vi /etc/postfix/main.cf # add follows to the end smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt smtpd_tls_key_file = /etc/pki/tls/certs/server.key smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
[root@mail ~]#
vi /etc/postfix/master.cf # line 17-18: uncomment smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
[root@mail ~]#
vi /etc/dovecot/conf.d/10-ssl.conf # line 6: uncomment ssl = yes # line 12,13: specify certificates ssl_cert = < /etc/pki/tls/certs/server.crt ssl_key = < /etc/pki/tls/certs/server.key
/etc/rc.d/init.d/postfix restart Shutting down postfix: [ OK ] Starting postfix: [ OK ] [root@mail ~]# /etc/rc.d/init.d/dovecot restart Stopping Dovecot Imap: [ OK ] Starting Dovecot Imap: [ OK ] |
| [3] | If IPTables is running, allow SMTPS/POP3S/IMAPS port. SMTPS uses 465/TCP, POP3S uses 995/TCP, IMAPS uses 993/TCP. For "-I INPUT 5" section below, Replace it to your own environment. |
|
[root@dlp ~]# iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT [root@dlp ~]# iptables -I INPUT 6 -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT [root@dlp ~]# iptables -I INPUT 7 -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT |
| [4] | For Email Client's settings, (Windows Live Mail) Open the property of an account and change settings like following example. (if you use PO3S, input '995 for incoming mail) |
|
| [5] | Click syncronize on Windows Live Mail, then following warning is shown because certificates is own created on your server. It's no ploblem. Click 'Yes' to proceed, then it's possible to send/receive emails through SSL connection. |
|