Postfix & SSL

  • spamoom
  • 05/15/10
Posted: Sat, 2010-05-15 08:54

Hi all, I'm a little new at the whole SSL thing. I've got my VPS nicely running Virtualmin with no problem, all's working fine except pop3 and imap connections have no proper certificate to validate the server.

I found my way to StartSSL where I managed to create a key for mail.ns-server.co.uk and ns-server.co.uk.

I pointed postfix to the crt, key and authority crt in the webmin postfix settings. I now get the error saying that the server does not match the cert domain (which I'm sure it does :S)

Have I done something wrong / does anyone have a tutorial I can follow? I've googled around for quite a good few hours and have been unable to find out how to do what I want to do! (if that's what I want to do?!)

Any advice would be great!


  • andreychek
  • 01/05/09
  • Tue, 2010-05-18 15:01

To set up your SSL cert for use with POP/IMAP (within Dovecot) -- you'd select your Virtual Server that is set up with the SSL cert, go into Server Configuration -> Manage SSL certificates, then select the "Copy to Dovecot" option.

Once you've done that, Dovecot should be configured to use your SSL cert.

If not, you might try manually restarting Dovecot with:

/etc/init.d/dovecot restart


  • amel
  • 12/10/11
  • Tue, 2012-01-03 09:00

I did the same steps now and after I restarted dovecot I received the following warning:

[root@xxx ~]# /etc/init.d/dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:84: ssl_cert_file has been replaced by ssl_cert =
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:85: ssl_key_file has been replaced by ssl_key =
[ OK ]

but there is no warning when I restarted postfix

[root@xxx ~]# /etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]

Anything we have to do in this case?

Thank You


  • andreychek
  • 01/05/09
  • Tue, 2012-01-03 09:39

It looks like I said "Dovecot" above when I really should have said "Postfix".

So, if you're getting errors with Postfix still -- try the "Copy to Postfix" button to try and correct that.

Though, it's also good to have SSL for Dovecot, so it's certainly not a problem to have copied your SSL cert there :-)

That warning sounds like it's safe to ignore, but which distribution/version is it that you're using there?

-Eric


  • amel
  • 12/10/11
  • Tue, 2012-01-03 11:20

Thank you for the reply,

I have already copied it for both services "dovecot" and "postfix" as we are planning to use SSL for both services...

We are using CentOS 6.2 (64 bit)... Webmin-Virtualmin is the latest version.

Amel


  • amel
  • 12/10/11
  • Tue, 2012-01-03 11:21

Tried to copy the SSL CA again and the same warning:

[root@xxx ~]# /etc/init.d/dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:84: ssl_cert_file has been replaced by ssl_cert =
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:85: ssl_key_file has been replaced by ssl_key =
[ OK ]
[root@xxx ~]# /etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@xxx ~]#


  • andreychek
  • 01/05/09
  • Tue, 2012-01-03 12:07

Okay, it actually looks like that should all be working then. That's just a warning, not an error.

Now, I'll speak with Jamie about making sure that the correct Dovecot config syntax is being used on the Dovecot version that comes with CentOS 6 -- Virtualmin may be using older syntax when adding SSL information in there.

However, it does sound like it's working, so Virtualmin just needs to be tweaked so that it doesn't use syntax that generates a warning message in Dovecot.

-Eric
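
The two doveconf warnings quoted in this thread come from Dovecot 1.x setting names left in a config read by Dovecot 2.x. As an added example (not part of the original thread and not Virtualmin's code), this shell script finds the two obsolete settings and rewrites them to the 2.x form `ssl_cert = <path`, where the leading `<` tells Dovecot to read the value from that file; the function names and sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: convert the obsolete ssl_cert_file / ssl_key_file settings
# named in the doveconf warnings to the Dovecot 2.x ssl_cert / ssl_key form.

# Constructed sample config (paths are placeholders, not from the thread).
sample_conf() {
cat <<'EOF'
protocols = imap pop3
# ssl_cert_file = /etc/old/commented-out.pem
ssl_cert_file = /etc/ssl/example/mail.example.com.crt
  ssl_key_file=/etc/ssl/example/mail.example.com.key
ssl = yes
EOF
}

# Print "line:setting" for every active (uncommented) obsolete setting on
# stdin, mirroring the file:line references in the doveconf warnings.
find_obsolete() {
  awk '/^[ \t]*ssl_(cert|key)_file[ \t]*=/ {
         name = $0
         sub(/^[ \t]*/, "", name); sub(/[ \t]*=.*/, "", name)
         print NR ":" name
       }'
}

# Emit the config from stdin with the obsolete settings converted. Comments
# and all other lines pass through unchanged. The "<" prefix matters: without
# it Dovecot 2.x treats the value as the PEM data itself, not as a file path.
migrate_conf() {
  awk '/^[ \t]*ssl_(cert|key)_file[ \t]*=/ {
         indent = $0; sub(/ssl_.*/, "", indent)
         name = $0; sub(/^[ \t]*/, "", name); sub(/_file[ \t]*=.*/, "", name)
         value = $0; sub(/^[^=]*=[ \t]*/, "", value); sub(/[ \t]+$/, "", value)
         print indent name " = <" value
         next
       }
       { print }'
}

# Demonstration on the constructed sample.
sample_conf | find_obsolete
sample_conf | migrate_conf
```

Run `migrate_conf` against a copy of the real file and review the result with `doveconf -n` before replacing the live config.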


  • amel
  • 12/10/11
  • Tue, 2012-01-03 14:54

Could be syntax, yes... Can you please remember my email address and let me know once you fix it? It seems that SSL is working fine because when I added an email account on iPhone 4 it does not complain about SSL... because it's a purchased valid CA which is just copied to dovecot and postfix so it's working just fine and I am able to send and receive the emails...

But anyway it would be nice to fix... so please let me know once it's fixed...

Thank you for the information!!

Best regards Amel


  • andreychek
  • 01/05/09
  • Tue, 2012-01-03 15:06

Well, it's not possible to send out notices whenever a specific bug is fixed -- however, I'll be telling Jamie about this today, so I'd expect to see it corrected within a few weeks.

-Eric


  • amel
  • 12/10/11
  • Tue, 2012-01-03 17:13

OK, thank you for the reply

Amel