Cyrus Postfix AUTH TLS
This is where TLS comes into play. Before we put it to work we need a certificate. Either you get it from a Certificate Authority, whom you have to pay, or you create it yourself. I will not describe how to become a Certificate Authority; instead I will show you how to create a self-signed .pem certificate.
This howto is meant as a practical guide; it does not cover the theoretical background.
I recommend familiarizing yourself with the documentation at your leisure:
http://www.postfix.org/TLS_README.html
+++++++++ CERTIFICATE ++++++++++++++
Now we have to generate the certificate files needed for TLS:
mkdir /var/imap
cd /var/imap
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 2048
Enter a password for smtpd.key.
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
Again, enter your password for smtpd.key.
Enter your Country Name (e.g., "CA").
Enter your State or Province Name.
Enter your City.
Enter your Organization Name (e.g., the name of your company).
Enter your Organizational Unit Name (e.g. "IT Department").
Enter the Fully Qualified Domain Name of the system (e.g. "mail.mydomain.com").
Enter your Email Address. (postmaster@mydomain.com)
The following information is optional:
Enter a challenge password.
Enter an optional company name.
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
Again, enter your password for smtpd.key.
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
Again, enter your password for smtpd.key.
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out ca-cert.pem -days 3650
Again, enter your password for smtpd.key.
Enter your Country Name (e.g., "DE").
Enter your State or Province Name.
Enter your City.
Enter your Organization Name (e.g., the name of your company).
Enter your Organizational Unit Name (e.g. "IT Department").
Enter the Fully Qualified Domain Name of the system (e.g. "mail.mydomain.com").
Enter your Email Address. (postmaster@mydomain.com)
Make the certificate and key files accessible to Postfix and Cyrus:
chown -R cyrus:mail /var/imap/
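A check of the files created above before Postfix and Cyrus are pointed at them, added here as an example that is not part of the original howto. It assumes the howto's file names under /var/imap; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not part of the original howto; file names follow the howto.
DIR=${1:-/var/imap}

# Passphrase was removed (the "openssl rsa" + "mv -f" steps were done).
key_is_unencrypted() { [ -r "$1" ] && ! grep -q 'ENCRYPTED' "$1"; }

# No group/other permission bits: the file written by "openssl rsa" is a
# new file and does not inherit the earlier "chmod 600".
key_is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# The certificate and the private key carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Certificate $1 verifies against the CA file $2.
signed_by_ca() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Run all checks on the files in directory $1; returns the failure count.
check_tls_files() {
    d=$1; fails=0
    key_is_unencrypted "$d/smtpd.key" ||
        { echo "FAIL: smtpd.key is still passphrase-protected"; fails=$((fails + 1)); }
    key_is_private "$d/smtpd.key" ||
        { echo "FAIL: smtpd.key is group/world accessible (chmod 600)"; fails=$((fails + 1)); }
    key_matches_cert "$d/smtpd.key" "$d/smtpd.crt" ||
        { echo "FAIL: smtpd.crt does not belong to smtpd.key"; fails=$((fails + 1)); }
    openssl x509 -in "$d/smtpd.crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL: smtpd.crt is unreadable or expires within 30 days"; fails=$((fails + 1)); }
    # -signkey makes smtpd.crt self-signed, so this is informational only.
    signed_by_ca "$d/smtpd.crt" "$d/ca-cert.pem" ||
        echo "NOTE: smtpd.crt is not issued by ca-cert.pem"
    return "$fails"
}

# Run only when the key exists, so the functions can also be sourced.
if [ -f "$DIR/smtpd.key" ]; then check_tls_files "$DIR"; fi
```

With the commands in this howto the NOTE line is expected: smtpd.crt is signed with its own key, and ca-cert.pem is a separate self-signed certificate, so clients cannot validate the server certificate through that CA file.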
+++++++++++++++++++++++++++++++++++++++
+++++++++++++ POSTFIX +++++++++++++++++
Let's enable SMTP AUTH and TLS in Postfix.
Add the following lines to /etc/postfix/main.cf:
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_CApath = /var/imap
smtpd_tls_CAfile = /var/imap/ca-cert.pem
smtpd_tls_cert_file = /var/imap/smtpd.crt
smtpd_tls_key_file = /var/imap/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
And uncomment the following lines in /etc/postfix/master.cf:
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
Then restart the MTA: /etc/init.d/postfix restart
++++++++++++++++++++++++++++++++++++++++
+++++++++++ Cyrus ++++++++++++++++
For access to the IMAP server using secure authentication, add or uncomment the following lines:
/etc/imapd.conf
tls_cert_file: /var/imap/smtpd.crt
tls_key_file: /var/imap/smtpd.key
tls_ca_file: /var/imap/ca-cert.pem
tls_ca_path: /var/imap/
/etc/cyrus.conf
imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50
Then restart the IMAP server: /etc/init.d/cyrus2.2 restart