[GRLUG] Postfix server setup

Patrick Goupell patrick at upmerchants.com
Sat May 10 11:29:50 EDT 2014


On 05/08/2014 11:22 PM, Godwin wrote:
> Hi Patrick,
>
> Yes, Godaddy's certificate will work on Apache, Postfix, Cyrus IMAP 
> (or anything else that requires a cert - I suspect).  This site has a 
> quick reference to common OpenSSL commands like generating a key, csr, 
> cert, etc.
>
> http://www.sslshopper.com/article-most-common-openssl-commands.html
>
> To add your cert to Postfix, you'll need the key you generated (prior 
> to the CSR you generated), and both the domain cert and CA cert you 
> got from Godaddy.  Here's how to use them in Postfix's "main.cf" file:
>
> smtp_use_tls = yes
> smtp_tls_note_starttls_offer = yes
> # The two lines above allow us to ask for TLS on connecting to other
> # servers.
> smtpd_use_tls = yes
> smtpd_tls_auth_only = no
> # Use this to force TLS (problem is, then no TLS sessions will be
> # rejected)
> #smtpd_tls_security_level = encrypt
> smtpd_tls_cert_file = /etc/postfix/ssl/yourdomain.com-cert.crt
> smtpd_tls_key_file = /etc/postfix/ssl/yourdomain.com.key
> smtpd_tls_CAfile = /etc/postfix/ssl/gd_bundle-g2-g1.crt
> smtpd_tls_loglevel = 3
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
> # information on enabling SSL in the smtp client.
>
> Others can scrutinize this, but that's the gist of it.
>
> cheers,
> Godwin
>
>
Thank you for the help.  I have made the changes as noted and the 
"telnet" test shows tls starting.

I can access the email account using thunderbird on port 110, pop3.

Now I am trying to set up thunderbird to use port 995, pop3 / ssl / tls

I have courier on the mail server.

When I try to connect with thunderbird I get the following error on the 
mail server:

pop3d-ssl: couriertls: /etc/courier/pop3d.pem: error:0906D06C:PEM 
routines:PEM_read_bio:no start line

Doing web searches I find references to .pem and .der certificates.

I did an openssl x509 -in mycertifiacte.crt -text -noout and it shows the 
certificate text without error.

So what do I do now?

Patrick
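
An added example, not part of the original message and not Courier's own code: a shell check that lists the "-----BEGIN ...-----" blocks in a file, which is the structure the "no start line" error refers to. It assumes the Courier certificate file is expected to hold the private key and the certificate together in PEM form; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which PEM blocks a file contains.

# Print the label of every "-----BEGIN <label>-----" line, one per line.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Exit status: 0 = private key and certificate both present
#              1 = no PEM start line (what "no start line" reports)
#              2 = PEM blocks found, but key or certificate is missing
#              3 = file missing or unreadable
check_pem_bundle() {
    [ -r "$1" ] || { echo "$1: not readable"; return 3; }
    labels=$(pem_labels "$1")
    if [ -z "$labels" ]; then
        echo "$1: no -----BEGIN line (empty, DER-encoded, or not PEM)"
        return 1
    fi
    has_key=no
    has_cert=no
    # Covers "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY".
    if echo "$labels" | grep -q 'PRIVATE KEY$'; then has_key=yes; fi
    if echo "$labels" | grep -qx 'CERTIFICATE'; then has_cert=yes; fi
    echo "$1: private key=$has_key certificate=$has_cert"
    if [ "$has_key" = yes ] && [ "$has_cert" = yes ]; then return 0; fi
    return 2
}

# Write constructed sample files into directory $1. The bodies are
# placeholders, not real key material; only the framing lines matter here.
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/cert-only.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$1/combined.pem"
    cat "$1/cert-only.pem" >> "$1/combined.pem"
    # First bytes of a DER SEQUENCE: binary, so there is no BEGIN line.
    printf '\060\202\001\012' > "$1/cert.der"
}
```

Running `check_pem_bundle /etc/courier/pop3d.pem` against the path named in the error message shows whether the file has any PEM blocks at all and which ones.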

