zeldor.biz

Linux, programming and more


Exim Courier and SSL

August 8, 2010 by Igor Drobot

Here I set up an SSL certificate with Exim4 and Courier-IMAP under Debian 5 (Lenny) to secure the sending and retrieval of email, along with the usernames and passwords sent to my server.
In this how-to I’m using a free 30-day certificate from psw[dot]net.

Create your own SSL config in “/etc/exim4/conf.d/main/ss_certificate” and put the following in it:

MAIN_TLS_ENABLE = true
tls_certificate = /etc/exim4/mx.domain.com.cert
tls_privatekey = /etc/exim4/mx.domain.com.key
tls_on_connect_ports = 465

Don’t forget to change the group of your certificate files to Debian-exim, so that Exim can read them:

chown root:Debian-exim /etc/exim4/mx.domain.com*

The standard Exim config “/etc/exim4/conf.d/main/03_exim4-config_tlsoptions” already contains some TLS options, such as tls_certificate and tls_privatekey. Comment them out there, because we set them in our own config file (see above).

Now we make Exim listen on port 465. Edit the following config:

vim /etc/default/exim4

Replace the standard:

#SMTPLISTENEROPTIONS=''
# to
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'

After a restart, Exim listens on ports 25 and 465, and we can send mail over SSL. P.S. Don’t forget your firewall ;)

iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT



The next step is to secure mail retrieval with the Courier IMAP-SSL daemon

As the second step of the SSL configuration, open your imapd-ssl config:

vim /etc/courier/imapd-ssl

and search for TLS_CERTFILE:

TLS_CERTFILE=/etc/courier/mx.domain.com.pem

This mx.domain.com.pem file contains the certificate and the RSA private key:

cat mx.domain.com.crt mx.domain.com.key > mx.domain.com.pem

/etc/init.d/courier-imap-ssl restart



Test your certificate by connecting to SSL-Port:

openssl s_client -connect localhost:993 -state -debug
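
Besides the s_client connection test, the combined PEM built above can be checked offline before Courier is restarted. The following is an added example, not part of the original post: it verifies that the bundle holds one key that matches the certificate, that the short-lived certificate is not about to expire, and that the file is not world-readable. The function name, return codes and the 7-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a combined certificate + key PEM before a daemon uses it.
# Return codes and the 7-day default are choices made for this sketch.
check_pem_bundle() {
    pem=$1
    min_days=${2:-7}

    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # One private key and at least one certificate. Appending with >> onto an
    # existing bundle leaves two keys in the file.
    ncert=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem" || true)
    nkey=$(grep -c -- '-----BEGIN .*PRIVATE KEY-----' "$pem" || true)
    if [ "$ncert" -lt 1 ] || [ "$nkey" -ne 1 ]; then
        echo "$pem: found $ncert certificate(s), $nkey key(s)" >&2
        return 3
    fi

    # The public key inside the certificate must equal the one derived from
    # the private key, otherwise the daemon cannot use the pair.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null || true)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$pem: private key does not match certificate" >&2
        return 4
    fi

    # 30-day certificates lapse quickly: fail if expiry is within min_days.
    if ! openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "$pem: certificate expires within $min_days days" >&2
        return 5
    fi

    # The bundle holds the private key, so it must not be world-readable.
    if [ -n "$(find "$pem" -perm -004)" ]; then
        echo "$pem: world-readable, tighten with chmod o-r" >&2
        return 6
    fi
    return 0
}

# Run against a file when one is given on the command line.
[ "$#" -eq 0 ] || check_pem_bundle "$@"
```

Saved as a script, it can be run as `sh check_pem.sh /etc/courier/mx.domain.com.pem 7` (the script name is hypothetical); a non-zero exit status identifies which check failed.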
