pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: IMAP server?



On 22/06/21 06:17PM, Reinoud Zandijk wrote:
> 
> The imapd daemon looks for the following files to use SSL:
> 
>     /etc/openssl/certs/imapd.pem (certificate)
>     /etc/openssl/private/imapd.pem (private key)
> 
> and similarly for the ipopd daemon.
> 
> ===========================================================================
> Do you know how to create those certificates? And is logging in done anyway?
> 


Yes, for imaps and pop3 you need to have the authoritative certificate
and key installed at the specified paths, as stated in the MESSAGE.

Clients will require a trusted cert from a certificate authority,like
Let's Encrypt. You can get one easily with security/py-certbot. 
(Since the name of the package depends on the python version used to
build it, it's advisable to install pkgtools/pkg_alternatives, and
update the alternatives database, so that /usr/pkg/bin/certbot will
invoke your currently installed version. 

To request a certificate from Let's Encrypt using certbot, for a server
running bozo-httpd:

# certbot certonly --webroot -w /var/www \
    -d <domain.tld>,<sub1.domain.tld>,<sub1.domain.tld> \
    - m <mail%domain.tld@localhost> --pre-hook "service httpd stop" \
    -post-hook "service httpd start"

You can skip the webroot part and the hook if you don't run a web server.

You can then find your certificate and key at:
/usr/pkg/etc/letsencrypt/live/<domain.tld>

As `fullchain.pem` and `privkey.pem` respectively. 

These will need to be manually symlinked or copied to the aforementioned
locations, which is:

/etc/openssl/certs/imapd.pem (certificate)
etc/openssl/private/imapd.pem (private key)

Then restart inetd, and your IMAP/POP3 server will be up and running
with SSL support. 

Regards,
PVO

-- 
----------------------------+----------------------------
vms[-at]retrobsd.ddns.net   |   https://retrobsd.ddns.net

Attachment: signature.asc
Description: PGP signature



Home | Main Index | Thread Index | Old Index