FreeKB - Encrypt POP3 IMAP traffic using a public/private key pair
Dovecot - Encrypt POP3 IMAP traffic using a public/private key pair

Add the following to the /etc/dovecot/conf.d/10-ssl.conf file:

ssl = yes
ssl_cert = </etc/pki/tls/certs/mail.example.com.crt
ssl_key = </etc/pki/tls/private/mail.example.com.key

 

The ps command can be used to determine if your system is using init or systemd. If PID 1 is init, then you will use the service command. If PID 1 is systemd, then you will use the systemctl command.

If your system is using systemd, use the systemctl command to restart dovecot so that the new settings take effect, then check its status.

systemctl restart dovecot
systemctl status dovecot

 

If your system is using init, use the service command to restart dovecot and check its status.

service dovecot restart
service dovecot status

 

On the Dovecot email server itself, use OpenSSL to test POP3s. The "s" in POP3s means secured. The output contains many lines describing the SSL/TLS session and the certificate. It should begin with "CONNECTED(00000003)" and end with "Verify return code: 18 (self signed certificate)" and "+OK Dovecot ready". Return code 18 is expected here because the certificate is self-signed; a certificate issued by a CA that the client trusts returns "Verify return code: 0 (ok)".

~]# openssl s_client -connect mail.example.com:pop3s
CONNECTED(00000003)    
. . .
Verify return code: 18 (self signed certificate)
---
+OK Dovecot ready.

 

Likewise, test IMAPs.

~]# openssl s_client -connect mail.example.com:imaps
CONNECTED(00000003) 
. . .
Verify return code: 18 (self signed certificate)
---
* OK Dovecot ready.
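
The private key in ssl_key must belong to the certificate in ssl_cert, so it is worth checking the pair before restarting dovecot. The following check is an added example, not part of the original article; the function name check_tls_pair and its return codes are assumptions made for illustration, and it relies on the openssl command line and GNU find.

```shell
#!/usr/bin/env bash
# Added example: sanity check for the ssl_cert / ssl_key pair from 10-ssl.conf.
# check_tls_pair and its return codes are illustrative, not part of Dovecot.
#
# check_tls_pair CERT KEY
#   0  pair is usable
#   1  certificate and private key do not belong together
#   2  certificate has already expired
#   3  private key is accessible by group or other
#   4  a file is missing or cannot be parsed
check_tls_pair() {
    local cert=$1 key=$2 cert_pub key_pub loose

    # Public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
    # Public key derived from the private key (RSA and EC keys alike).
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4

    # Both commands print the same PEM block when the files are a pair.
    [ "$cert_pub" = "$key_pub" ] || return 1

    # -checkend 0 exits non-zero when the certificate is past notAfter.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 2

    # Any group/other permission bit on the key file is treated as a failure.
    loose=$(find -L "$key" -maxdepth 0 -perm /077 -print 2>/dev/null)
    [ -z "$loose" ] || return 3

    return 0
}

# Usage with the paths from the configuration above:
#   check_tls_pair /etc/pki/tls/certs/mail.example.com.crt \
#                  /etc/pki/tls/private/mail.example.com.key
#   echo "result: $?"
```

A non-zero result means the configuration should be corrected before the restart step, rather than being discovered from the status output afterwards.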

 

Web design by yours truly - me, myself, and I   |   jeremy.canfield@freekb.net