pkgsrc-Users archive


Re: IMAP server?

On 22/06/21 06:17PM, Reinoud Zandijk wrote:
> The imapd daemon looks for the following files to use SSL:
>     /etc/openssl/certs/imapd.pem (certificate)
>     /etc/openssl/private/imapd.pem (private key)
> and similarly for the ipopd daemon.
> ===========================================================================
> Do you know how to create those certificates? And is logging in done anyway?

Yes, for imaps and pop3 you need to have the authoritative certificate
and key installed at the specified paths, as stated in the MESSAGE.

Clients will require a trusted cert from a certificate authority, like
Let's Encrypt. You can get one easily with security/py-certbot.
(Since the name of the package depends on the python version used to
build it, it's advisable to install pkgtools/pkg_alternatives, and
update the alternatives database, so that /usr/pkg/bin/certbot will
invoke your currently installed version.)

To request a certificate from Let's Encrypt using certbot, for a server
running bozo-httpd:

# certbot certonly --webroot -w /var/www \
    -d <domain.tld>,<sub1.domain.tld>,<sub1.domain.tld> \
    -m <mail@domain.tld> --pre-hook "service httpd stop" \
    --post-hook "service httpd start"

You can skip the webroot part and the hook if you don't run a web server.

You can then find your certificate and key at:

As `fullchain.pem` and `privkey.pem` respectively. 

These will need to be manually symlinked or copied to the aforementioned
locations, which are:

/etc/openssl/certs/imapd.pem (certificate)
/etc/openssl/private/imapd.pem (private key)

Then restart inetd, and your IMAP/POP3 server will be up and running
with SSL support. 


vms[-at]   |

Attachment: signature.asc
Description: PGP signature
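
The copy step described in the message above, as an added example that is
not part of the original post: it refuses to install a key that does not
match the certificate and keeps the private key readable by its owner only.
The function names and the LIVE_DIR and DEST_ROOT parameters are assumptions
made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. LIVE_DIR (the directory holding
# fullchain.pem and privkey.pem) and DEST_ROOT (a prefix for trial runs) are
# hypothetical parameters; the destination paths are the ones quoted above.

# True only if the private key ($2) belongs to the first certificate in $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: install_imapd_cert LIVE_DIR [DEST_ROOT]
install_imapd_cert() {
    live=$1
    root=${2:-}
    cert_dst=$root/etc/openssl/certs/imapd.pem
    key_dst=$root/etc/openssl/private/imapd.pem

    if [ ! -s "$live/fullchain.pem" ] || [ ! -s "$live/privkey.pem" ]; then
        echo "fullchain.pem or privkey.pem missing in $live" >&2
        return 1
    fi
    if ! key_matches_cert "$live/fullchain.pem" "$live/privkey.pem"; then
        echo "key does not match certificate; nothing installed" >&2
        return 1
    fi

    # Write both copies under a restrictive umask, so the key is never
    # readable by other users, then rename them into place.
    (
        umask 077
        cp "$live/privkey.pem" "$key_dst.new" &&
        cp "$live/fullchain.pem" "$cert_dst.new" &&
        chmod 600 "$key_dst.new" &&
        chmod 644 "$cert_dst.new" &&
        mv -f "$key_dst.new" "$key_dst" &&
        mv -f "$cert_dst.new" "$cert_dst"
    )
}
```

Run it as root after each renewal, for example from certbot's --deploy-hook
option, because a copy (unlike a symlink) does not pick up the renewed files.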
