zeldor.biz

Linux, programming and more

Copyright © 2025
Log in

Exim Courier and SSL

August 8, 2010 by Igor Drobot Leave a Comment

Here I will be setting up SSL cert with Exim4 and Courier-MAP under Debian 5 or Lenny to secure the sending and retrieval of emails and username and password details to my server.
In this how to I’m using a free 30 days certificate from psw[dot]net.

Create you own SSL config in: “/etc/exim4/conf.d/main/ss_certificate” and put it in:

1
2
3
4
MAIN_TLS_ENABLE = true
tls_certificate = /etc/exim4/mx.domain.com.cert
tls_privatekey = /etc/exim4/mx.domain.com.key
tls_on_connect_ports = 465

MAIN_TLS_ENABLE = true tls_certificate = /etc/exim4/mx.domain.com.cert tls_privatekey = /etc/exim4/mx.domain.com.key tls_on_connect_ports = 465

Don’t forget to change the group of your certificate to: Debian-exim

1
chown root:Debian-exim /etc/exim4/mx.idrobot.net*

chown root:Debian-exim /etc/exim4/mx.idrobot.net*

Exim standard config “/etc/exim4/conf.d/main/03_exim4-config_tlsoptions” has already some TLS options like:
tls_certificate and tls_privatekey. decomment it. Because we use our own config for it, see above.

Now we make exim listen on port 465, edit the following config:

1
vim /etc/default/exim4

vim /etc/default/exim4

Replace the standard:

1
2
3
#SMTPLISTENEROPTIONS=''
# to
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'

#SMTPLISTENEROPTIONS='' # to SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'

After restart Eeim will be able to listen on port 25 and 465, and we are able to send mails over SSL ; PS. don’t forget your firewall ;)

1
iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT



The next step is secure receive of mails with Courier IMAP-SSL Deamon

Now as second step to complete SSL-configuration open your imapd-ssl config

1
vim /etc/courier/imapd-ssl

vim /etc/courier/imapd-ssl

and search for TLS_CERTFILE

1
TLS_CERTFILE=/etc/courier/mx.domain.com.pem

TLS_CERTFILE=/etc/courier/mx.domain.com.pem

This mx.domain.com.pem certificate contains certificate and rsa private key:

1
cat mx.domain.com.crt mx.domain.com.key >> mx.domain.com.pem

cat mx.domain.com.crt mx.domain.com.key >> mx.domain.com.pem

1
/etc/init.d/courier-imap-ssl restart

/etc/init.d/courier-imap-ssl restart



Test your certificate by connecting to SSL-Port:

1
openssl s_client -connect localhost:993 -state -debug

openssl s_client -connect localhost:993 -state -debug

Filed Under: Debian, Linux, Mailing, Networking Tagged With: Courier, Exim4, IMAP, IMAP-SSL, Port 465, Port 993, SMTP

Categories

Archives

Tags

apache2 Apple arduino ARM Automation backup bash Cisco Cluster Corosync Database Debian Debian squeeze DIY DNS Fedora FTP Fun Icinga Ipv6 KVM Linux LVM MAC OS X Monitoring MySQL Nagios Nginx openSUSE OpenVPN PHP Proxy Python python3 qemu RAID rsync Samba security ssh Ubuntu virtualization Windows Windows 7 Wordpress

Leave a Reply

Your email address will not be published. Required fields are marked *

Yeaaah Cookie! We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok