This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
build:imap [2008/04/06 22:52] 24.217.108.17 |
build:imap [2008/04/06 23:14] 24.217.108.17 |
||
---|---|---|---|
Line 27: | Line 27: | ||
apt-get install courier-doc | apt-get install courier-doc | ||
</code> | </code> | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
Line 33: | Line 38: | ||
The courier installation creates a rather sparse certificate that identifies itself as localhost. It's OK as a start for a default installation but the certificate should be updated to contain the correct values. Here is how to do this: | The courier installation creates a rather sparse certificate that identifies itself as localhost. It's OK as a start for a default installation but the certificate should be updated to contain the correct values. Here is how to do this: | ||
- | First we need to get a good set of values into the imapd.cnf. This assumes that /etc/ssl/openssl.cnf has been modified to contain the default SLUUG values already, if not see the [[http://wiki.sluug.org/build/security#ssl ssl]] section. | + | First we need to get a good set of values into the imapd.cnf. This assumes that /etc/ssl/openssl.cnf has been modified to contain the default SLUUG values already, if not see [[http://wiki.sluug.org/build/security#ssl ]] |
<code> | <code> | ||
- | mv /usr/lib/courier/imapd.cnf /usr/lib/courier/imapd.cnf.ORIG | + | mv /etc/courier/imapd.cnf /etc/courier/imapd.cnf.ORIG |
- | cp /etc/ssl/openssl.cnf /usr/lib/courier/imapd.cnf | + | cp /etc/ssl/openssl.cnf /etc/courier/imapd.cnf |
</code> | </code> | ||
- | Next we should extend the time for the certificates for 10 years. The default is one year, which means a new certificate has to be created every year. I'm too lazy for that. To do this, edit the certificate creation script | + | Next we should extend the time for the certificates for 10 years. The default is one year, which means a new certificate has to be created every year. I'm too lazy for that. To do this, edit the certificate creation script. |
<code> | <code> | ||
vi /usr/sbin/mkimapdcert | vi /usr/sbin/mkimapdcert | ||
Line 68: | Line 73: | ||
The certificate should be ready to go now. Fire up a mail client and connect to bud.sluug.org and check the certificate that is offered for the correct values, ie bud.sluug.org instead of localhost. | The certificate should be ready to go now. Fire up a mail client and connect to bud.sluug.org and check the certificate that is offered for the correct values, ie bud.sluug.org instead of localhost. | ||
+ | |||
+ | Here is the same thing for pop3d | ||
+ | <code> | ||
+ | vi /usr/lib/courier/mkpop3dcert | ||
+ | mv /etc/courier/pop3d.cnf /etc/courier/pop3d.cnf.ORIG | ||
+ | cp /etc/ssl/openssl.cnf /etc/courier/pop3d.cnf | ||
+ | ls -l /usr/lib/courier/pop3d.pem | ||
+ | rm /usr/lib/courier/pop3d.pem | ||
+ | /usr/lib/courier/mkpop3dcert | ||
+ | mv /etc/courier/pop3d.pem /etc/courier/pop3d.pem.ORIG | ||
+ | ln -s /usr/lib/courier/pop3d.pem /etc/courier/ | ||
+ | ls -l | ||
+ | /etc/init.d/courier-pop-ssl restart | ||
+ | </code> | ||
===== Configuration ===== | ===== Configuration ===== |