
Opened 3 years ago

Closed 3 years ago

#467 closed enhancement (fixed)

Allow SSL/TLS for IMAP and SMTP

Reported by: landauf
Owned by: landauf
Priority: critical
Milestone: IT: Server Setup
Component: IT
Version:
Keywords:
Cc:
Referenced By:
References:

Description

Currently I can only use STARTTLS for IMAP and SMTP on ports 143 and 25 respectively. It should be configured to allow SSL/TLS on ports 993 and 465 respectively.

Change History (4)

comment:1 Changed 3 years ago by landauf

  • Priority changed from minor to critical

comment:2 Changed 3 years ago by landauf

  • Owner set to landauf
  • Status changed from new to assigned

comment:3 Changed 3 years ago by landauf

  1. For IMAP:

In /etc/dovecot/conf.d/10-ssl.conf add this:

ssl = required
disable_plaintext_auth = yes

In /etc/dovecot/conf.d/10-master.conf change this:

  inet_listener imaps {
    #port = 0
    port = 993
    ssl = yes
  }

  2. For SMTP:

In /etc/postfix/main.cf search for smtpd_tls_security_level and define:

smtpd_tls_security_level = may
smtp_tls_security_level = may

Also ensure that smtpd_tls_auth_only = yes.

In /etc/postfix/master.cf add these services:

submission inet  n       -       y       -       -       smtpd
   -o smtpd_tls_security_level=encrypt
smtps      inet  n       -       y       -       -       smtpd
   -o smtpd_tls_wrappermode=yes

  3. Change firewall:

In /etc/iptables/rules.v4 there are already two open ports:

25: SMTP
143: IMAP STARTTLS

Add three more ports:

993: IMAP SSL
465: SMTP SSL
587: SMTP STARTTLS

Reload iptables:

sudo iptables-restore < /etc/iptables/rules.v4

Restart postfix and dovecot.
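
One way to check the master.cf step of comment:3 after editing, as an added example that is not part of the ticket: a small Python lint that parses master.cf and reports whether the submission and smtps services carry the -o overrides listed above. The function names and the sample text are constructed for illustration, and only the plain -o name=value form is handled.

```python
# Added example (not from the ticket): lint master.cf for the TLS overrides in comment:3.
REQUIRED = {  # service name -> (-o parameter, required value), as given in the ticket
    "submission": ("smtpd_tls_security_level", "encrypt"),
    "smtps": ("smtpd_tls_wrappermode", "yes"),
}

def parse_master_cf(text):
    """Return {service: {parameter: value}} for inet services and their -o overrides."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues the entry
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        fields = line.split()
        # service type private unpriv chroot wakeup maxproc command [args...]
        if len(fields) < 8 or fields[1] != "inet":
            continue
        args, overrides = fields[8:], {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:  # only the plain name=value form
                key, _, val = value.partition("=")
                overrides[key] = val
        services[fields[0]] = overrides
    return services

def check_tls(text):
    """List every service that is missing or lacks its required TLS override."""
    services, problems = parse_master_cf(text), []
    for name, (key, want) in REQUIRED.items():
        if name not in services:
            problems.append(f"{name}: service not defined")
        elif services[name].get(key) != want:
            problems.append(f"{name}: {key} is {services[name].get(key)!r}, want {want!r}")
    return problems

# Constructed sample: the smtps entry is commented out and submission has no override,
# so this parser attaches the orphaned continuation line to the submission entry.
SAMPLE = """\
submission inet  n       -       y       -       -       smtpd
#smtps     inet  n       -       y       -       -       smtpd
   -o smtpd_tls_wrappermode=yes
"""

if __name__ == "__main__":
    for problem in check_tls(SAMPLE):
        print("FAIL", problem)
```

An empty list from check_tls means both services are present with the overrides from the ticket.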

comment:4 Changed 3 years ago by landauf

  • Resolution set to fixed
  • Status changed from assigned to closed