build:imap
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
build:imap [2008/04/06 22:35] 24.217.108.17 |
build:imap [2008/04/06 23:20] (current) 24.217.108.17 |
||
|---|---|---|---|
| Line 27: | Line 27: | ||
| apt-get install courier-doc | apt-get install courier-doc | ||
| </code> | </code> | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| ==== Security ==== | ==== Security ==== | ||
| - | The courier installation creates a rather sparse certificate that identifies itself as localhost. It's OK as a start for a default installation but the certificate should be updated to read bud.sluug.org. Here is how to do this: | + | The courier installation creates a rather sparse certificate that identifies itself as localhost. It's OK as a start for a default installation but the certificate should be updated to contain the correct values. Here is how to do this: |
| - | First we need to get a good set of values into the imapd.cnf. This assumes that /etc/ssl/openssl.cnf has been modified to contain default SLUUG values already, if not see the ssl **hyperlink this** section. | + | First we need to get a good set of values into the imapd.cnf. This assumes that /etc/ssl/openssl.cnf has been modified to contain the default SLUUG values already, if not see [[http://wiki.sluug.org/build/security#ssl ]] |
| <code> | <code> | ||
| - | mv /usr/lib/courier/imapd.cnf /usr/lib/courier/imapd.cnf.ORIG | + | mv /etc/courier/imapd.cnf /etc/courier/imapd.cnf.ORIG |
| - | cp /etc/ssl/openssl.cnf /usr/lib/courier/imapd.cnf | + | cp /etc/ssl/openssl.cnf /etc/courier/imapd.cnf |
| </code> | </code> | ||
| - | Next we should extend the time for the certificates for 10 years. The default is one year, which means a new certificate has to be created every year. I'm too lazy for that. To do this edit the certificate creation script | + | Next we should extend the time for the certificates for 10 years. The default is one year, which means a new certificate has to be created every year. I'm too lazy for that. To do this, edit the certificate creation script. |
| <code> | <code> | ||
| vi /usr/sbin/mkimapdcert | vi /usr/sbin/mkimapdcert | ||
| Line 44: | Line 52: | ||
| Look for the values 365 and add a zero to the end so it is 3650 (ten years) | Look for the values 365 and add a zero to the end so it is 3650 (ten years) | ||
| - | The mkimapdcert script check to see if a certificate already exists and will exit if it finds one as a safety measure. So we need to move the old certificate to the side. This is not necessary if that file is a link to /etc/courier/imapd.pem just delete the link. | + | As a safety measure, the mkimapdcert script checks to see if a certificate already exists and will exit if it finds one. So we need to move the old certificate to the side. This is not necessary if that file is a link to /etc/courier/imapd.pem just delete the link. |
| <code> | <code> | ||
| mv /usr/lib/courier/imapd.pem /usr/lib/courier/imapd.ORIG | mv /usr/lib/courier/imapd.pem /usr/lib/courier/imapd.ORIG | ||
| </code> | </code> | ||
| - | At this point everything should be in place to create a new cert, so run the script and if the openssl.cnf has been previously modified you can just hit enter all the way through to accept the defaults. | + | At this point everything should be in place to create a new cert, so run the script, if the openssl.cnf has been previously modified you can just hit enter all the way through to accept the defaults. |
| <code> | <code> | ||
| /usr/lib/courier/mkimapdcert | /usr/lib/courier/mkimapdcert | ||
| </code> | </code> | ||
| - | Now we have a shiny new certificate the has all the correct values such as bud.sluug.org instead of localhost. Put the cert in place. | + | Now we have a shiny new certificate that has all the correct values such as bud.sluug.org instead of localhost. Put the cert in place. |
| - | <code> | + | |
| - | cp /usr/lib/courier/imapd.pem /etc/courier/imapd.pem | + | |
| - | </code> | + | |
| - | + | ||
| - | or | + | |
| <code> | <code> | ||
| mv /etc/courier/imapd.pem /etc/courier/imapd.pem.ORIG | mv /etc/courier/imapd.pem /etc/courier/imapd.pem.ORIG | ||
| Line 67: | Line 70: | ||
| Courier only reads the certificate at start up, so we need to bump it. | Courier only reads the certificate at start up, so we need to bump it. | ||
| <code> | <code> | ||
| - | /etc/init.d/courier-imapd-ssl reload | + | /etc/init.d/courier-imap-ssl reload |
| </code> | </code> | ||
| The certificate should be ready to go now. Fire up a mail client and connect to bud.sluug.org and check the certificate that is offered for the correct values, ie bud.sluug.org instead of localhost. | The certificate should be ready to go now. Fire up a mail client and connect to bud.sluug.org and check the certificate that is offered for the correct values, ie bud.sluug.org instead of localhost. | ||
| + | |||
| + | Here is the same thing for pop3d | ||
| + | <code> | ||
| + | vi /usr/lib/courier/mkpop3dcert # Change 365 to 3650 | ||
| + | mv /etc/courier/pop3d.cnf /etc/courier/pop3d.cnf.ORIG # Save the old stuff, in case | ||
| + | cp /etc/ssl/openssl.cnf /etc/courier/pop3d.cnf # Get SLUUG default | ||
| + | ls -l /usr/lib/courier/pop3d.pem # See if is a link | ||
| + | rm /usr/lib/courier/pop3d.pem # Script won't run if this file exists | ||
| + | /usr/lib/courier/mkpop3dcert # Run the cert script | ||
| + | mv /etc/courier/pop3d.pem /etc/courier/pop3d.pem.ORIG # Save the old stuff, in case | ||
| + | ln -s /usr/lib/courier/pop3d.pem /etc/courier/ # Create link | ||
| + | ls -l /etc/courier/ # Make sure is OK | ||
| + | /etc/init.d/courier-pop-ssl restart # Reload the cert | ||
| + | </code> | ||
| ===== Configuration ===== | ===== Configuration ===== | ||
build/imap.1207539315.txt.gz · Last modified: 2008/04/06 22:35 by 24.217.108.17
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
