Here I will be setting up SSL cert with Exim4 and Courier-MAP under Debian 5 or Lenny to secure the sending and retrieval of emails and username and password details to my server.
In this how to I’m using a free 30 days certificate from psw[dot]net.
Create you own SSL config in: “/etc/exim4/conf.d/main/ss_certificate” and put it in:
1 2 3 4 | MAIN_TLS_ENABLE = true tls_certificate = /etc/exim4/mx.domain.com.cert tls_privatekey = /etc/exim4/mx.domain.com.key tls_on_connect_ports = 465 |
Don’t forget to change the group of your certificate to: Debian-exim
1 | chown root:Debian-exim /etc/exim4/mx.idrobot.net* |
Exim standard config “/etc/exim4/conf.d/main/03_exim4-config_tlsoptions” has already some TLS options like:
tls_certificate and tls_privatekey. decomment it. Because we use our own config for it, see above.
Now we make exim listen on port 465, edit the following config:
1 | vim /etc/default/exim4 |
Replace the standard:
1 2 3 | #SMTPLISTENEROPTIONS='' # to SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid' |
After restart Eeim will be able to listen on port 25 and 465, and we are able to send mails over SSL ; PS. don’t forget your firewall ;)
1 | iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT |
The next step is secure receive of mails with Courier IMAP-SSL Deamon
Now as second step to complete SSL-configuration open your imapd-ssl config
1 | vim /etc/courier/imapd-ssl |
and search for TLS_CERTFILE
1 | TLS_CERTFILE=/etc/courier/mx.domain.com.pem |
This mx.domain.com.pem certificate contains certificate and rsa private key:
1 | cat mx.domain.com.crt mx.domain.com.key >> mx.domain.com.pem |
1 | /etc/init.d/courier-imap-ssl restart |
Test your certificate by connecting to SSL-Port:
1 | openssl s_client -connect localhost:993 -state -debug |
Leave a Reply