This shows you the differences between two versions of the page.
using_ssl_with_exim_4_on_debian [2009/07/03 17:29] adam |
using_ssl_with_exim_4_on_debian [2016/11/25 22:38] (current) |
Line 1: | Line 1: | ||
- | ===== Using SSL with Exim 4 on Debian ===== | + | ===== Using SSL with Exim 4 and Courier IMAP/ |
+ | |||
+ | Here I will be setting up SSL keys with Exim 4 and Courier IMAP and POP3 under Debian to secure the sending and retrieval of emails and username and password details to my server. | ||
+ | |||
+ | I will be using SSL certificates from [[http:// | ||
+ | |||
+ | If you want to use a commercial SSL provider, then this should still work for you, but the CA Cert specific stuff will need to be translated to apply to your own provider. Of course in that case, you won't need to import the CA Cert root keys either. | ||
+ | |||
+ | Using SSL to secure SMTP, POP3 and IMAP means all of the sending and receiving of email between your mail client and server will be encrypted as will your username and password. Sending and receiving of mail between mail servers will only be encrypted if both ends support it and are configured to use it as a preference. You will have no control over whether other people' | ||
==== Set up a CA Cert Account ==== | ==== Set up a CA Cert Account ==== | ||
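Review bot: the added paragraph beginning "Using SSL to secure SMTP, POP3 and IMAP means all of the sending and receiving of email between your mail client and server will be encrypted" states this unconditionally, while its next sentence makes server-to-server encryption conditional on both ends supporting and preferring it. The client leg has the same condition, so consider wording it as "will be encrypted once your mail client is configured to use SSL", which also ties it to the client setup section added further down. Minor: the first added paragraph says "SSL keys" where the next one says "SSL certificates"; using one term throughout would read more clearly.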
Line 38: | Line 46: | ||
MAIN_TLS_ENABLE = true | MAIN_TLS_ENABLE = true | ||
- | The above is described [[http:// | + | The above is described [[http:// |
Edit / | Edit / | ||
Line 65: | Line 73: | ||
No instructions here, you should be able to figure this out. Watch your Exim logs for errors if you can't get your mail through. In a corporate environment you might be behind a firewall which doesn' | No instructions here, you should be able to figure this out. Watch your Exim logs for errors if you can't get your mail through. In a corporate environment you might be behind a firewall which doesn' | ||
- | It should work though. If it does then you're done :) Just be sure to keep an eye on when your certificate expires because you'll need to renew it before then or you'll start getting errors. | + | It should work though. If it does then you're done :) Just be sure to keep an eye on when your certificate expires because you'll need to renew it before then or you'll start getting errors |
+ | |||
+ | ==== Setting Up Courier IMAP and POP3 for SSL ==== | ||
+ | |||
+ | You already have an SSL certificate for your hostname, so there' | ||
+ | |||
+ | Courier expects your certificate and key in a single file. Use the following to make a single file which contains both, substitute ' | ||
+ | |||
+ | cat / | ||
+ | |||
+ | Now edit both / | ||
+ | |||
+ | TLS_CERTFILE=/ | ||
+ | |||
+ | Save the file and restart both the courier-imap-ssl and courier-pop3d-ssl daemons: | ||
+ | |||
+ | / | ||
+ | / | ||
+ | |||
+ | Keep an eye open for any errors or daemons failing to restart. if there are any problems, check / | ||
+ | |||
+ | Your courier SSL daemons should now be using your certificate so you need to open up TCP ports 993 and 995 for IMAPS and POP3S respectively. Add the following IP Tables rules, however you manage your filewall and be sure to make them survive a reboot: | ||
+ | |||
+ | iptables -A INPUT -p tcp -d mailserverip --dport 993 -j ACCEPT | ||
+ | iptables -A INPUT -p tcp -d mailserverip --dport 995 -j ACCEPT | ||
+ | |||
+ | ==== Setting Up Your Mail Client for IMAP and POP3 for SSL ==== | ||
+ | |||
+ | In Thunderbird, | ||
==== Links ==== | ==== Links ==== |
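Review bot: the Courier section builds a single file holding both the certificate and the private key with cat, but no step restricts who can read that file. Since it contains the private key, add a line after the cat command that sets its ownership and mode (for example chmod 600) so only the account the Courier SSL daemons run as can read it. Separately, the two iptables rules use -A, which appends to the end of INPUT; if the chain already ends in a reject or drop rule they will never match, so it is worth saying that they must sit above any such rule. Typos in the added text: "filewall" should be "firewall", and "if there are any problems" should start with a capital.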