Recommended Protocols?
Raymond Herrera
raymond at forcewise.com
Tue Nov 10 16:23:25 EET 2020
Thanks Nikolai,
So far, I have concluded that the Dovecot distribution seems to be ready
to be deployed with essentially no modification of configuration files.
I am using CentOS 7 and sendmail.
Raymond
On 11/10/2020 1:58 AM, Nikolai Lusan wrote:
> On Tue, 2020-11-10 at 00:26 -0600, Raymond Herrera wrote:
> > Good. I am going to focus on the IMAP configuration and worry about
> > SMTP
> > later.
>
> Yeah, also the postfix list is probably more useful for the SMTP stuff,
> although having said that the two products integrate seemlessly.
>
> > The following is the relevant documentation.
> > This is very straightforward:
> > https://doc.dovecot.org/admin_manual/ssl/dovecot_configuration/
>
> > My file 10-ssl.conf is untouched.
>
> > However, this is the part that I would like to better understand:
>
> > https://doc.dovecot.org/admin_manual/ssl/certificate_creation/
>
> > Before creating my own certificate (which I have done in the past for
> > my
> > old server), I am curious. Is there anything wrong with the one that
> > comes with the distribution?
>
> The certificate which comes with either dovecot, or your distribution
> (in Debian it's "/etc/ssl/certs/ssl-cert-snakeoil.pem") is a self
> signed certificate, which most clients will force you to accept
> (permanently, or temporarily). Personally I am using Lets Encrypt (
> https://letsencrypt.org/) wildcard certificates (since I am not just
> using them for email purposes), and I have scripts that restart the
> relevant services when the certificates get updated (LE cert are only
> valid for 90 days, and can be renewed at 60 days). Look into LE and the
> tools available for Linux, pick the one that works for you, I use
> acme.sh which I find easier to script around.
>
> > ssl_cert = < /etc/pki/dovecot/certs/dovecot.pem
> > ssl_key = < /etc/pki/dovecot/private/dovecot.pem
>
> So this is a public/private key pair. Just like for ssh, gpg, or many
> other cryptography related tools. The ssl_cert line is the public
> certificate, and the ssl_key line is the key used to create the sign
> the initial certificate request (the CRL is later signed by an issuer,
> in the case of the snakeoil certs this is seperate private key).
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20201110/1854deba/attachment.html>
More information about the dovecot
mailing list