21 December 2008

Dovecot/TLS in Gentoo

Overview:

This guide will show you how to enable TLS/SSL support in Dovecot 1.1,
enabling you to encrypt all POP3 and IMAP communications.
This guide assumes you already have a working Dovecot installation.

Certificate Creation:

This guide will not deal with certificate creation since that is already covered elsewhere. If you want an easy-to-use graphical program for managing self-signed certificates, you may wish to check out app-crypt/tinyca. You will need to save the certificate files (there should be 2 - a key file and a certificate file) onto the server. For example, you may choose to keep yours in a directory called /etc/ssl/mycerts. Your certificate files should be owned by root and have permissions 0600 (i.e. they can only be read by root).

Package Setup:

You first need to ensure that you have Dovecot compiled with SSL support. For this to happen, Dovecot needs to be compiled with the ssl USE flag.
Add the following to /etc/portage/package.use:

net-mail/dovecot ssl

And recompile Dovecot with:

emerge -av dovecot

Configuration:

The following configuration is found in /etc/dovecot/dovecot.conf.
In the first section of the file, you need to specify the protocols that you
want enabled. You probably have one or both of "imap" or "pop3" already enabled.
You need to add the secure version of the protocols you use to this list.
For example, if you use both, this would be:

protocols = imap pop3 imaps pop3s

The following settings are in the section marked SSL settings. You now want to tell Dovecot where to find your certificate files. This example uses files stored in /etc/ssl/mycerts and the key and certificate files are respectively called
mail.example.org-key.pem
and mail.example.org-cert.pem.

ssl_cert_file = /etc/ssl/mycerts/mail.example.org-cert.pem
ssl_key_file = /etc/ssl/mycerts/mail.example.org-key.pem

You also need to tell Dovecot the passphrase needed to decrypt the key file:

ssl_key_password = "your key passphrase here"

To ensure that no other users can read your Dovecot configuration,
where the key passphrase is stored, run:

chmod 600 /etc/dovecot/dovecot.conf

Finally, restart Dovecot with:

/etc/init.d/dovecot restart
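As an added check that is not part of the original guide, the script below parses a constructed dovecot.conf fragment with the settings from this page, verifies that every plaintext protocol has its TLS counterpart and that both certificate paths are set, and demonstrates the "only root can read it" permission test on two temporary files (the file names and the config fragment are constructed for the demo).

```python
import os
import re
import stat
import tempfile

# Constructed dovecot.conf fragment mirroring the settings in this guide.
SAMPLE_CONF = """\
protocols = imap pop3 imaps pop3s
ssl_cert_file = /etc/ssl/mycerts/mail.example.org-cert.pem
ssl_key_file = /etc/ssl/mycerts/mail.example.org-key.pem
ssl_key_password = "your key passphrase here"
"""

def parse_conf(text):
    """Collect top-level 'key = value' lines; strip comments and quotes."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^(\w+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def check_tls(settings):
    """Problems relative to this guide: each plaintext protocol needs its TLS twin, and both cert paths must be set."""
    problems = []
    protocols = set(settings.get("protocols", "").split())
    for plain, secure in (("imap", "imaps"), ("pop3", "pop3s")):
        if plain in protocols and secure not in protocols:
            problems.append(f"{plain} enabled without {secure}")
    for key in ("ssl_cert_file", "ssl_key_file"):
        if not settings.get(key):
            problems.append(f"{key} not set")
    return problems

def too_permissive(path):
    """True if group or others have any access (looser than mode 0600)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))

def permission_demo():
    """Create two temporary files (0644 and 0600) and report which would fail the 0600 requirement."""
    with tempfile.TemporaryDirectory() as d:
        loose, tight = os.path.join(d, "key.pem"), os.path.join(d, "dovecot.conf")
        for path, mode in ((loose, 0o644), (tight, 0o600)):
            open(path, "w").close()
            os.chmod(path, mode)
        return [os.path.basename(p) for p in (loose, tight) if too_permissive(p)]
```

Point too_permissive() at your real key, certificate and dovecot.conf paths to check them the same way.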

Soon in pt_BR.
Credits: gentoo-wiki.com
