Changes

OPS335 Lab 4d

74 bytes added, 10:52, 14 April 2016
m
Removing a duplicate parameter.
#Let's start with the "sending" SMTP server we have on VM2. Run the following, replacing <u>andrewsmith.org</u> with '''<u>your</u> domain name''':
<source lang="bash">mkdir -p /root/postfix-keys /etc/ssl/{private,certs}
cd /root/postfix-keys
openssl genrsa -des3 -out vm2.andrewsmith.org.key 2048
chmod 600 vm2.andrewsmith.org.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
chmod 600 vm2.andrewsmith.org.key cakey.pem
cp vm2.andrewsmith.org.key cakey.pem /etc/ssl/private/
cp vm2.andrewsmith.org.crt cacert.pem /etc/ssl/certs/</source>
::'''NOTE:''' Those commands will create a certificate, a certificate signing request, and a certificate authority, and sign your certificate with your certificate authority.<br>This would be the same as in the real world, except that there you would contact a real CA; here you're making up your own.
<ol><li value="2">Now, configure Postfix to use the generated certificate, by adding the following to your '''main.cf''' file:</li></ol>
<source lang="bash">smtpd_use_tls = yes
smtp_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/ssl/private/vm2.andrewsmith.org.key
smtpd_tls_cert_file = /etc/ssl/certs/vm2.andrewsmith.org.crt</source>
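A quick audit of the settings above, as an added example that is not part of the original lab: it reports parameters that appear more than once in a main.cf-style file (Postfix uses the last value), flags <code>smtpd_tls_auth_only = no</code>, and flags a key file set without a certificate file. The function names <code>audit_main_cf</code> and <code>demo</code> are hypothetical, and the sample file, including its duplicated line, is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit a Postfix main.cf for the TLS settings used in this lab.
# Prints one finding per line; prints nothing when no issue is found.
audit_main_cf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    /^[ \t]/ { next }                   # skip continuation lines of a previous value
    {
        eq = index($0, "=")
        if (eq == 0) next
        name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        gsub(/^[ \t]+|[ \t]+$/, "", value)
        if (name in seen)   # Postfix keeps the later entry
            printf "DUPLICATE %s (line %d overrides line %d)\n", name, NR, seen[name]
        seen[name] = NR; val[name] = value
    }
    END {
        if (val["smtpd_tls_auth_only"] == "no")
            print "WEAK smtpd_tls_auth_only=no (SASL AUTH is accepted without TLS)"
        if (("smtpd_tls_key_file" in val) && !("smtpd_tls_cert_file" in val))
            print "MISSING smtpd_tls_cert_file (key file set without a certificate)"
    }' "$1"
}

# Constructed sample: the settings from this step plus a deliberate duplicate.
demo() {
    local sample
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
smtpd_use_tls = yes
smtp_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/ssl/private/vm2.andrewsmith.org.key
smtpd_tls_cert_file = /etc/ssl/certs/vm2.andrewsmith.org.crt
smtpd_use_tls = yes
EOF
    audit_main_cf "$sample"
    rm -f "$sample"
}
demo
```

To check a real configuration, run <code>audit_main_cf /etc/postfix/main.cf</code> after sourcing the function.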
# Let's start by generating a new certificate for Dovecot on your vm3 machine by issuing the following commands:
<source lang="bash">mkdir /etc/ssl/{private,certs}
openssl genrsa -des3 -out vm3.andrewsmith.org.key 2048
chmod 600 vm3.andrewsmith.org.key
openssl req -new -key vm3.andrewsmith.org.key -out vm3.andrewsmith.org.csr
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
chmod 600 vm3.andrewsmith.org.key cakey.pem
cp vm3.andrewsmith.org.key cakey.pem /etc/ssl/private/
cp vm3.andrewsmith.org.crt cacert.pem /etc/ssl/certs/</source>
::'''NOTE:''' This process is identical to what you've done for the vm2 certificate. In fact, if your IMAP and SMTP servers are on the same machine, you can share the certificate between them. In our case, they are not on the same machine.
<ol><li value="2">Next, we need to configure Dovecot to use this certificate for encrypted connections and to not allow any kind of plain-text connection. Edit the '''dovecot.conf''', '''10-auth.conf''', <u>and</u> '''10-ssl.conf''' files and change the following settings:</li></ol>
<source lang="bash">ssl = required</source>