> Correo > Dovecot: Configuración de IMAP con SSL (IMAPS)

Dovecot: Configuración de IMAP con SSL (IMAPS)

Anteriormente hablamos de la instalación de dovecot con qmail y vpopmail tanto desde zero como migrando desde Postfix con contraseñas en /etc/passwd. En ambos casos lo hicimos sin configurar SSL. Vamos a ver como:

Primero de todo deberemos generar (o comprar) el certificado, para ello podemos hacerlo mediante easy-rsa:

# ./build-key-server
Generating a 1024 bit RSA private key
writing new private key to ''
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [ES]:
State or Province Name (full name) [BARCELONA]:
Locality Name (eg, city) [Barcelona]:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/local/etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'ES'
stateOrProvinceName   :PRINTABLE:'BARCELONA'
localityName          :PRINTABLE:'Barcelona'
organizationName      :PRINTABLE:''
commonName            :PRINTABLE:''
emailAddress          :IA5STRING:''
Certificate is to be certified until Oct 11 10:26:02 2018 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

A continuación copiamos los certificados a un lugar más adecuado, por ejemplo, /var/qmail/ssl:

# mkdir -p /var/qmail/ssl
# cp* /var/qmail/ssl

A continuación configuramos dovecot mediante el fichero /usr/local/etc/dovecot.conf. Primero definimos los certificados:



Y posteriormente definimos el puerto para usar IMAPS mediante ssl_listen:

protocol imap {
        listen = *:143
        ssl_listen = *:993

En este caso se ha usado el puerto 993 (por defecto) para imaps, como podemos consultar en /etc/services:

# grep imaps /etc/services
imaps           993/tcp                         # IMAP over SSL
imaps           993/udp                         # IMAP over SSL

Deja un comentario:

XHTML - Tags permitidos:<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>