[Dovecot] trying to configure dovecot

Gene Heskett gheskett at wdtv.com
Mon Jul 15 21:20:53 EEST 2013


On Monday 15 July 2013 14:14:38 Noel Butler did opine:

> On Sun, 2013-07-14 at 21:38 -0700, Professa Dementia wrote:
> > On 7/14/2013 9:03 PM, Gene Heskett wrote:
> > > Guessing between the lines I made a few substitutions to localize it
> > > for me, but when I run the line to dump the configs, the output is
> > > very short because I do not have the *.pem files.
> > > 
> > > Where can a usable set of these ssl 'keyfiles' be obtained?
> > 
> > $ openssl genrsa -out server.key 2048
> > $ openssl req -sha256 -new -key server.key -out server.csr
> > $ openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
> > $ cat server.key server.crt > server.pem
> > 
> > Run the four commands.  You will have a key file, certificate signing
> > request file, a self signed cert and a pem file which is the
> 
> simplified:  (4 lines into 1)
> 
> openssl req -x509 -days 3650 -nodes -newkey rsa:4096 -keyout mail.pem -out mail.pem
> 
> > if you want real security, you need to have your cert signed by a real
> > certificate authority (CA).
> 
> good idea, a self sign cert is fine for playing around, however there
> are some situations some clients might get upset at SSC's in production,
> either way, if you want a free "real" certificate for your mail server
> (inc webmail), have a look at the offerings from startssl.com
> 
> 
> don't know if your linked site gave you any of this since I've just returned
> from a break and catching up on some 1700 posts under my list a/c :)
> (which most will be 'mark all as read'), but anyway
> 
> in this case use:
> openssl req -new -newkey rsa:4096 -days 365 -nodes -keyout mail.key -out mail.csr
> 
> submit your csr file to startssl (or other provider), and get your
> mail.crt file _and_ the class1/CA files (they should offer them to you
> to d/l)
> 
> Typically, I keep the key separate and would use something like
> 
> cat mail.crt /etc/ssl/CA/sub.class1.server.ca.pem /etc/ssl/CA/ca.pem > dovecot.pem
> 
> and in dovecot:
> ssl_cert_file = /etc/ssl/certs/dovecot.pem
> ssl_key_file = /etc/ssl/certs/mail.key

I got to the startssl site ok, but failed at that point because I haven't 
yet managed to get claws-mail to actually fetch the mail while I am booted 
to 12.04.2 LTS.

Chicken/egg problem.  So I guess I'm stuck with SSC's ATM.  And because I'm 
doing full shutdowns to swap drives in a hot swap cage, I am killing my new 
and old drives with all this powerdown rebooting.  Probably 30 such cycles 
in the last 10 days. :(

Thank you for the help, it's very much appreciated.

Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
My web page: <http://coyoteden.dyndns-free.com:85/gene> is up!
My views 
<http://www.armchairpatriot.com/What%20Has%20America%20Become.shtml>
Q:	What's yellow, and equivalent to the Axiom of Choice?
A:	Zorn's Lemon.
A pen in the hand of this president is far more
dangerous than 200 million guns in the hands of
         law-abiding citizens.
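
An added example, not part of the original thread or of the Dovecot project: a shell check for the files the quoted openssl commands produce. It creates the key and self-signed certificate as separate files, then verifies that the certificate file holds no private key, that the key is readable by its owner only, and that the two belong together. The names mail.key and mail.crt follow the thread; the CN and the function names are assumptions.

```shell
#!/bin/sh
# Added example; the CN and all function names are placeholders.

# Create key and self-signed cert as two separate files, non-interactively.
make_selfsigned() {  # usage: make_selfsigned DIR CN
    ( umask 077      # the key file is created owner-only
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
          -subj "/CN=$2" -keyout "$1/mail.key" -out "$1/mail.crt" 2>/dev/null \
      && chmod 644 "$1/mail.crt" )   # the certificate itself is public
}

# True if the file contains any PEM private-key block.
has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# True if the public key in the cert equals the one derived from the key.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Check a cert/key pair before pointing the mail server at it.
check_pair() {  # usage: check_pair CERT KEY
    rc=0
    if has_private_key "$1"; then
        echo "FAIL: $1 contains a private key"; rc=1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$2" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $2 is accessible to group/other"; rc=1
    fi
    if ! key_matches_cert "$2" "$1"; then
        echo "FAIL: $2 does not match the certificate in $1"; rc=1
    fi
    return $rc
}

# Demo in a throwaway directory.
demo=$(mktemp -d)
make_selfsigned "$demo" mail.example.invalid
check_pair "$demo/mail.crt" "$demo/mail.key" && echo "OK: pair is consistent"
rm -rf "$demo"
```

A combined file built with `cat server.key server.crt > server.pem` fails the first check when passed as CERT, because it carries the private key along with the certificate.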

