This shows you the differences between two versions of the page.
using_ssl_with_exim_4_on_debian [2009/07/03 17:38] adam |
using_ssl_with_exim_4_on_debian [2016/11/25 22:38] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Using SSL with Exim 4 on Debian ===== | + | ===== Using SSL with Exim 4 and Courier IMAP/ |
+ | |||
+ | Here I will be setting up SSL keys with Exim 4 and Courier IMAP and POP3 under Debian to secure the sending and retrieval of emails and username and password details to my server. | ||
+ | |||
+ | I will be using SSL certificates from [[http:// | ||
+ | |||
+ | If you want to use a commercial SSL provider, then this should still work for you, but the CA Cert specific stuff will need to be translated to apply to your own provider. Of course in that case, you won't need to import the CA Cert root keys either. | ||
+ | |||
+ | Using SSL to secure SMTP, POP3 and IMAP means all of the sending and receiving of email between your mail client and server will be encrypted as will your username and password. Sending and receiving of mail between mail servers will only be encrypted if both ends support it and are configured to use it as a preference. You will have no control over whether other people' | ||
==== Set up a CA Cert Account ==== | ==== Set up a CA Cert Account ==== | ||
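Review bot: The added paragraph beginning "Using SSL to secure SMTP, POP3 and IMAP" states that all mail traffic between client and server, and the username and password, will be encrypted, but that holds only when the mail client is actually set to use SSL and does not connect over the unencrypted ports. Suggest qualifying the sentence (for example "once your mail client is configured to use SSL") and pointing to the mail client section this revision adds further down.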
Line 67: | Line 75: | ||
It should work though. If it does then you're done :) Just be sure to keep an eye on when your certificate expires because you'll need to renew it before then or you'll start getting errors and remember that CA Cert are not an official, paid for certificate provider. You will need to install their root keys on every machine you wish to connect over SSL from to avoid irritating errors. | It should work though. If it does then you're done :) Just be sure to keep an eye on when your certificate expires because you'll need to renew it before then or you'll start getting errors and remember that CA Cert are not an official, paid for certificate provider. You will need to install their root keys on every machine you wish to connect over SSL from to avoid irritating errors. | ||
- | Now you' | + | ==== Setting Up Courier IMAP and POP3 for SSL ==== |
+ | |||
+ | You already have an SSL certificate for your hostname, so there' | ||
+ | |||
+ | Courier expects your certificate and key in a single file. Use the following to make a single file which contains both, substitute ' | ||
+ | |||
+ | cat / | ||
+ | |||
+ | Now edit both / | ||
+ | |||
+ | TLS_CERTFILE=/ | ||
+ | |||
+ | Save the file and restart both the courier-imap-ssl and courier-pop3d-ssl daemons: | ||
+ | |||
+ | / | ||
+ | / | ||
+ | |||
+ | Keep an eye open for any errors or daemons failing to restart. if there are any problems, check / | ||
+ | |||
+ | Your courier SSL daemons should now be using your certificate so you need to open up TCP ports 993 and 995 for IMAPS and POP3S respectively. Add the following IP Tables rules, however you manage your filewall and be sure to make them survive a reboot: | ||
+ | |||
+ | iptables -A INPUT -p tcp -d mailserverip --dport 993 -j ACCEPT | ||
+ | iptables -A INPUT -p tcp -d mailserverip --dport 995 -j ACCEPT | ||
+ | |||
+ | ==== Setting Up Your Mail Client for IMAP and POP3 for SSL ==== | ||
+ | |||
+ | In Thunderbird, | ||
==== Links ==== | ==== Links ==== |
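Review bot: The step that uses cat to combine the certificate and key into the single file referenced by TLS_CERTFILE puts a copy of the private key in a new file, and the added lines shown here do not say what ownership or permissions that file should have. Suggest adding a step that makes the combined file readable only by the account the Courier SSL daemons need. Separately, the two iptables rules use -A, which appends to the end of the INPUT chain, so on a firewall that already has a drop or reject rule earlier in that chain they will never match; it is worth saying that they must sit before any such rule. Minor: "filewall" should be "firewall", and "if there are any problems" should start with a capital letter.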