Tag Archive for 'SMTP'

Exim SMTP authentication

Some years ago I set up my mail system with SMTP authentication; the credentials for sending and receiving e-mails could be different. I had a special list for SMTP auth with username:password.

I think it is too secure, and it makes too much work for me to document all these passwords.

You can access the Courier authdaemon from an Exim authenticator. That means you have only one password.

Exim Courier and SSL

Here I will set up an SSL certificate with Exim4 and Courier-IMAP under Debian 5 (Lenny) to secure the sending and retrieval of e-mails, and the username and password details sent to my server.
In this how-to I’m using a free 30-day certificate from psw[dot]net.

Create your own SSL config in “/etc/exim4/conf.d/main/ss_cert” and put the following in it:

MAIN_TLS_ENABLE = true
tls_certificate = /etc/exim4/mx.idrobot.net.cert
tls_privatekey = /etc/exim4/mx.idrobot.net.key
tls_on_connect_ports = 465

Don’t forget to change the group of your certificate and key files to Debian-exim:

chown root:Debian-exim /etc/exim4/mx.idrobot.net*

The standard Exim config “/etc/exim4/conf.d/main/03_exim4-config_tlsoptions” already has some TLS options, such as tls_certificate and tls_privatekey. Comment them out, because we set them in our own config file (see above).

Now we make Exim listen on port 465. Edit the following config file:

vim /etc/default/exim4

Replace the standard:

# SMTPLISTENEROPTIONS=''
# to
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'

After a restart, Exim listens on ports 25 and 465, and we can send mail over SSL. PS: don’t forget your firewall ;)

iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT




The next step is to secure the receiving of mail with the Courier IMAP-SSL daemon.

Now open your imapd-ssl config (“vim /etc/courier/imapd-ssl”) and search for “TLS_CERTFILE”; it is the only line we have to edit.

TLS_CERTFILE=/etc/courier/imapd.pem
# to
TLS_CERTFILE=/etc/courier/mx.idrobot.net.pem

This PEM file contains both the certificate and the RSA private key.
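
The post does not show how the combined PEM file is produced. One way to build it from the Exim certificate and key and to check the result, as an added example that is not part of the original post; the function names are made up for illustration, and it assumes the key is RSA, as stated above:

```shell
#!/bin/sh
# Added example, not from the original post. File names are passed as arguments.

# cert_matches_key CERT KEY
# Succeeds only if the RSA private key belongs to the certificate (same modulus).
# "-passin pass:" makes an encrypted key fail instead of prompting for a passphrase.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 2
    k=$(openssl rsa -in "$2" -passin pass: -noout -modulus 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# world_readable FILE
# Succeeds if "other" has read permission, which a private key must never have.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# build_courier_pem CERT KEY OUT
# Writes certificate + key into one PEM file that only its owner can read.
build_courier_pem() {
    cert_matches_key "$1" "$2" || {
        echo "certificate and key do not match: $1 $2" >&2
        return 1
    }
    ( umask 077 && cat "$1" "$2" > "$3" ) || return 1
    chmod 600 "$3"   # also tightens a file that already existed
}

# Usage with the paths from this page (run as root):
#   build_courier_pem /etc/exim4/mx.idrobot.net.cert \
#                     /etc/exim4/mx.idrobot.net.key \
#                     /etc/courier/mx.idrobot.net.pem
#   world_readable /etc/exim4/mx.idrobot.net.key && echo "fix key permissions"
```

The chown step earlier on this page changes only the owner and group, so run the world_readable check on the Exim key as well; give the new PEM file the same owner as the stock imapd.pem it replaces.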



Test your certificate:

openssl s_client -connect localhost:993 -state -debug