Changes

Jump to: navigation, search

OPS335 Lab 4d

298 bytes added, 12:03, 15 March 2016
no edit summary
=== Encryption Dovecot with Secure Socket layer (SSL) ===
Now we'll will ensure that our '''Dovecot ''' connection is secure, and we'll enforce thatpolicy. With SMTP , you will need to allow plain text connections because since that's is the only way method to pass email from server-to-server. With IMAP , there is no server-to-serverinteraction, but rather only client-to-serverinteraction. The only reason to have an unencrypted IMAP connection would be if your '''IMAP server ''' and '''IMAP client ''' were the <u>same </u> machine (this would be the case with situation when using webmail).
Let's start by generating a new certificate for Dovecot on vm3''Perform the following steps:'''
# Let's start by generating a new certificate for Dovecot on your vm3 machine by issuing the following commands:
<source lang="bash">openssl genrsa -des3 -out vm3.andrewsmith.org.key 2048
chmod 600 vm3.andrewsmith.org.key
cp vm3.andrewsmith.org.crt cacert.pem /etc/ssl/certs/</source>
The :'''NOTE:''' This process is identical to what you've done for the vm2 certificate. In fact if your IMAP and SMTP servers are on the same machine - (i.e. you can share the certificate between them). In our case , they're are not on the same machine.
Now <ol><li value="2">Next, we need to configure Dovecot to use this for encrypted connections and not allow any kind of plain text connections. Edit the '''10-auth.conf ''' <u>and </u> '''10-ssl.conf to ''' files and change the following settings:
* <source lang="bash">ssl = required* ssl_cert = <path_to_your_crt_file* ssl_key = <path_to_your_key_file* disable_plaintext_auth = yes* protocols = imaps (instead of imap)</source>
<ol><li value="3">Your key/certificate dondoesn't have a '''.pem ''' extension but they are PEM-encoded files. You can confirm that using the '''file''' command. If you're interested - here's some documentation about [http://wiki2.dovecot.org/SSL/DovecotConfiguration Dovecot SSL configuration].</li></ol>
=== Verifying that Mail Messages are Encrypted===
13,420
edits

Navigation menu