Here I will be setting up an SSL certificate with Exim4 and Courier-IMAP under Debian 5 (Lenny) to secure the sending and retrieval of emails, and the username and password details sent to my server.
In this how-to I’m using a free 30-day certificate from psw[dot]net.
Create your own SSL config in “/etc/exim4/conf.d/main/ss_certificate” and put the following in it:
MAIN_TLS_ENABLE = true
tls_certificate = /etc/exim4/mx.domain.com.cert
tls_privatekey = /etc/exim4/mx.domain.com.key
tls_on_connect_ports = 465
Don’t forget to change the group of your certificate files to Debian-exim:
chown root:Debian-exim /etc/exim4/mx.domain.com*
Exim’s standard config “/etc/exim4/conf.d/main/03_exim4-config_tlsoptions” already sets some TLS options, such as tls_certificate and tls_privatekey. Comment them out, because we use our own config for them (see above).
Now we make Exim listen on port 465. Edit the following config:
Replace the standard:
#SMTPLISTENEROPTIONS=''
# to
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
After a restart Exim will listen on ports 25 and 465, and we are able to send mail over SSL. PS: don’t forget your firewall ;)
iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT
The next step is the secure retrieval of mail with the Courier IMAP-SSL daemon.
As the second step to complete the SSL configuration, open your imapd-ssl config and search for TLS_CERTFILE.
This mx.domain.com.pem file contains the certificate and the RSA private key:
cat mx.domain.com.crt mx.domain.com.key > mx.domain.com.pem
Test your certificate by connecting to SSL-Port:
openssl s_client -connect localhost:993 -state -debug
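The s_client test shows that a handshake works, but not whether the files on disk are in good shape. The shell functions below are an added example, not part of the original post: they check that a key file is closed to other users, that the key belongs to the certificate, and that the certificate is not about to expire, and they build the combined Courier .pem with owner-only permissions. The function names are made up for this example and all paths are passed as arguments.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here;
# certificate and key paths are passed as arguments.

# True if FILE exists and "other" has no read/write/execute bit on it.
no_world_access() {
    [ -f "$1" ] || return 2
    [ -z "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# True if the private key KEY belongs to certificate CERT (same public key).
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True if CERT is still valid DAYS days from now (a 30-day cert runs out fast).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Write CERT followed by KEY to OUT for Courier, readable by the owner only.
# '>' truncates, so running it again does not append a second copy.
build_pem() {
    [ -r "$1" ] && [ -r "$2" ] || return 1
    ( umask 077 && rm -f "$3" && cat "$1" "$2" > "$3" )
}

# Run all checks for one CERT/KEY pair; returns the number of failed checks.
check_tls_files() {
    fail=0
    no_world_access "$2" || { echo "FAIL: $2 is accessible to other users"; fail=$((fail+1)); }
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1"; fail=$((fail+1)); }
    cert_valid_for "$1" "${3:-7}" || { echo "FAIL: $1 expires within ${3:-7} days"; fail=$((fail+1)); }
    return "$fail"
}
```

For the Exim files from this how-to the call would be check_tls_files /etc/exim4/mx.domain.com.cert /etc/exim4/mx.domain.com.key 7; with the group set to Debian-exim as above, mode 640 on the key passes the first check.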