Postfix & SSL

Sat, 05/15/2010 - 08:54
spamoom

Hi all, I'm a little new at the whole SSL thing. I've got my VPS nicely running Virtualmin with no problem, all's working fine except pop3 and imap connections have no proper certificate to validate the server.

I found my way to StartSSL where I managed to create a key for mail.ns-server.co.uk and ns-server.co.uk.

I pointed postfix to the crt, key and authority crt in the webmin postfix settings. I now get the error saying that the server does not match the cert domain (which I'm sure it does :S)

Have I done something wrong / does anyone have a tutorial I can follow? I've googled around for quite a good few hours and have been unable to find out how to do what I want to do! (if that's what I want to do?!)

Any advice would be great!

Tue, 05/18/2010 - 15:01
andreychek

To set up your SSL cert for use with POP/IMAP (within Dovecot) -- you'd select your Virtual Server that is set up with the SSL cert, go into Server Configuration -> Manage SSL certificates, then select the "Copy to Dovecot" option.

Once you've done that, Dovecot should be configured to use your SSL cert.

If not, you might try manually restarting Dovecot with:

/etc/init.d/dovecot restart

Tue, 01/03/2012 - 08:00
amel

I did the same steps now and after I restarted dovecot I received the following warning:

[root@xxx ~]# /etc/init.d/dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:84: ssl_cert_file has been replaced by ssl_cert =
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:85: ssl_key_file has been replaced by ssl_key =
[ OK ]

but there is no warning when I restarted postfix

[root@xxx ~]# /etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]

Anything we have to do in this case ??

Thank You

Tue, 01/03/2012 - 08:39
andreychek

It looks like I said "Dovecot" above when I really should have said "Postfix".

So, if you're getting errors with Postfix still -- try the "Copy to Postfix" button to try and correct that.

Though, it's also good to have SSL for Dovecot, so it's certainly not a problem to have copied your SSL cert there :-)

That warning sounds like it's safe to ignore, but which distribution/version is it that you're using there?

-Eric

Tue, 01/03/2012 - 10:20
amel

Thank You for reply,

I have already copied it for both services "dovecot" and "postfix" as we are planning to use SSL for both services...

we are using CentOS 6.2 (64 bit)... Webmin-Virtualmin is the latest ver....

Amel

Tue, 01/03/2012 - 10:21
amel

tried to copy the SSL CA again and the same warning:

[root@xxx ~]# /etc/init.d/dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:84: ssl_cert_file has been replaced by ssl_cert =
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:85: ssl_key_file has been replaced by ssl_key =
[ OK ]
[root@xxx ~]# /etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@xxx ~]#

Tue, 01/03/2012 - 11:07
andreychek

Okay, it actually looks like that should all be working then. That's just a warning, not an error.

Now, I'll speak with Jamie about making sure that the correct Dovecot config syntax is being used on the Dovecot version that comes with CentOS 6 -- Virtualmin may be using older syntax when adding SSL information in there.

However, it does sound like it's working, so Virtualmin just needs to be tweaked so that it doesn't use syntax that generates a warning message in Dovecot.

-Eric
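The doveconf warnings quoted above name two obsolete settings and their replacements. As an added example (not part of the thread and not Virtualmin's own code), this script rewrites them in a config text and reports the line numbers doveconf would flag. The sample config and its paths are constructed, and the `<path` value form is an assumption taken from Dovecot 2.x's documented syntax for reading a setting from a file.

```python
import re

# Obsolete setting -> replacement, as named in the doveconf warnings above.
RENAMED = {"ssl_cert_file": "ssl_cert", "ssl_key_file": "ssl_key"}

# indent, key, "=", value; commented-out lines do not match because of "#".
_SETTING = re.compile(r"^(\s*)(\w+)(\s*=\s*)(\S.*?)\s*$")


def migrate(conf_text):
    """Return (new_text, changes); changes holds (line_no, old, new) tuples."""
    out, changes = [], []
    for no, line in enumerate(conf_text.splitlines(), start=1):
        m = _SETTING.match(line)
        if m and m.group(2) in RENAMED:
            indent, key, _, value = m.groups()
            # Assumption: Dovecot 2.x reads the file's contents via "<path".
            new = f"{indent}{RENAMED[key]} = <{value}"
            changes.append((no, line.strip(), new.strip()))
            out.append(new)
        else:
            out.append(line)  # comments and other settings pass through
    return "\n".join(out) + "\n", changes


# Constructed sample config; paths are placeholders, not the poster's files.
SAMPLE = """\
# constructed sample
protocols = imap pop3
#ssl_cert_file = /etc/ssl/old.pem
ssl = yes
ssl_cert_file = /etc/pki/example/mail.crt
  ssl_key_file = /etc/pki/example/mail.key
"""

if __name__ == "__main__":
    new_text, changes = migrate(SAMPLE)
    for no, old, new in changes:
        print(f"line {no}: {old!r} -> {new!r}")
    print(new_text, end="")
```

Review the rewritten text and run `doveconf -n` against it before replacing the live file and restarting Dovecot.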

Tue, 01/03/2012 - 13:54
amel

could be syntax yes... can you please remember my email address and let me know once you fix it? It seems that SSL is working fine because when I added an email account on iPhone 4 it does not complain about SSL... because it's a purchased valid CA which is just copied to dovecot and postfix so it's working just fine and I am able to send and receive the emails...

But anyway it would be nice to fix... so please let me know once it's fixed...

Thank You for information !!

Best regards Amel

Tue, 01/03/2012 - 14:06
andreychek

Well, it's not possible to send out notices whenever a specific bug is fixed -- however, I'll be telling Jamie about this today, so I'd expect to see it corrected within a few weeks.

-Eric

Tue, 01/03/2012 - 16:13
amel

ok, thank you for reply

Amel