SSL Dovecot

Posted on 12/06/2008


Simple notes on how to configure Dovecot with SSL.

1.- Download the file http://dovecot.org/doc/mkcert.sh

```sh
#!/bin/sh

# Generates a self-signed certificate.
# Edit dovecot-openssl.cnf before running this.

OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/ssl}
OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}

CERTDIR=$SSLDIR/certs
KEYDIR=$SSLDIR/private

CERTFILE=$CERTDIR/dovecot.pem
KEYFILE=$KEYDIR/dovecot.pem

if [ ! -d $CERTDIR ]; then
  echo "$SSLDIR/certs directory doesn't exist"
  exit 1
fi

if [ ! -d $KEYDIR ]; then
  echo "$SSLDIR/private directory doesn't exist"
  exit 1
fi

if [ -f $CERTFILE ]; then
  echo "$CERTFILE already exists, won't overwrite"
  exit 1
fi

if [ -f $KEYFILE ]; then
  echo "$KEYFILE already exists, won't overwrite"
  exit 1
fi

$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
chmod 0600 $KEYFILE
echo
$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2
```

2.- Create the file /etc/dovecot/dovecot-openssl.cnf

```ini
[ req ]
# RSA key size in bits; 1024 is weak by current standards, 2048 or more is recommended
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)
C=ES

# State or Province Name (full name)
ST=Madrid

# Locality Name (eg. city)
L=Leganes

# Organization (eg. company)
O=ISIDISI

# Organizational Unit Name (eg. section)
OU=IMAP SSL Server

# Common Name (*.example.com is also possible)
CN=imap.isidisi.com

# E-mail contact
emailAddress= info@isidisi.com

[ cert_type ]
nsCertType = server
```

3.- Back up the certificates that ship by default with Dovecot:

```sh
mv /etc/ssl/private/dovecot.pem /etc/ssl/private/dovecot.pem.bak
mv /etc/ssl/certs/dovecot.pem /etc/ssl/certs/dovecot.pem.bak
```

4.- Edit /etc/dovecot/dovecot.conf

```
protocols = imap imaps
ssl_disable = no
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
```

5.- Restart Dovecot

```
[root@imap.isidisi.com] /etc/init.d/dovecot restart
Restarting mail server: dovecot.
```
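Once the certificate has been generated and dovecot.conf edited, the result can be checked before relying on it. The script below is an added example, not part of the original post or of the Dovecot project: it reads ssl_cert_file and ssl_key_file from the configuration and verifies key permissions, that certificate and key belong together, the RSA key size, and expiry. The function names and the 2048-bit minimum are choices of this example, and it assumes an unencrypted RSA key as mkcert.sh produces.

```sh
#!/bin/sh
# Added example: audit the certificate and key that dovecot.conf points at.
# Function names and the 2048-bit minimum are choices made for this example.

# Print the value of a "name = value" setting (last occurrence wins).
conf_value() {  # $1 = config file, $2 = setting name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# Succeed only if the file exists and has no group/other permission bits.
key_perms_ok() {  # $1 = private key file
    [ -f "$1" ] || return 1
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if certificate and key carry the same RSA modulus.
cert_matches_key() {  # $1 = certificate, $2 = private key
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print the certificate's public key size in bits.
cert_key_bits() {  # $1 = certificate
    openssl x509 -noout -text -in "$1" 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Run every check; prints one line per problem, returns 0 only if all pass.
audit_dovecot_ssl() {  # $1 = path to dovecot.conf
    rc=0
    cert=$(conf_value "$1" ssl_cert_file)
    key=$(conf_value "$1" ssl_key_file)
    [ "$(conf_value "$1" ssl_disable)" = "no" ] || { echo "ssl_disable is not set to no"; rc=1; }
    key_perms_ok "$key" || { echo "$key: missing or accessible to group/other"; rc=1; }
    cert_matches_key "$cert" "$key" || { echo "certificate and key do not match"; rc=1; }
    bits=$(cert_key_bits "$cert")
    [ "${bits:-0}" -ge 2048 ] || { echo "RSA key is ${bits:-unknown} bits, below 2048"; rc=1; }
    openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1 || { echo "certificate expired or unreadable"; rc=1; }
    return "$rc"
}

# Usage: sh audit.sh /etc/dovecot/dovecot.conf
if [ "$#" -gt 0 ]; then audit_dovecot_ssl "$1"; fi
```

With default_bits = 1024 as in step 2, the key size check reports a problem; the other checks are independent of it.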