Hi all, I still have some newbie questions. As far as I understood, IMAP/POP uses default certificates for a secure connection (signed to localhost). How do I create new ones (using Suse 9.3) belonging to mydomain.tld to avoid warnings from email clients? Thanks in advance, especially to Falko and Till for their great work! It would never be possible for me to set up my server so fast without your howto and ISPConfig. n2s P.S.: There is a security update for ClamAV, is there an (easy) way I can upgrade the version that comes with ISPConfig?
Which POP3/IMAP server do you use? Is it Courier? This will be in the next ISPConfig release, it's already in the SVN version. But if you don't want to wait, then unpack the ISPConfig sources and have a look at the script install_ispconfig/compile_aps/compile. There you find the instructions on how to compile ClamAV.
Yes, Courier-IMAP/POP3 (I followed your Suse 9.3 howto). And the IMAP server uses an "automatically-generated IMAP SSL key" from the courier mail server. I don't know how I could replace these POP3/IMAP SSL certificates. Thanks! n2s
Please run
Code:
    updatedb
    locate courier
and post the output here so that I can see which courier-related programs are available on your system.
The output from locate courier:
Code:
    /etc/courier
    /etc/courier/authdaemonrc
    /etc/courier/authdaemonrc.dist
    /etc/courier/imapd
    /etc/courier/imapd-ssl
    /etc/courier/imapd-ssl.dist
    /etc/courier/imapd.cnf
    /etc/courier/imapd.dist
    /etc/courier/pop3d
    /etc/courier/pop3d-ssl
    /etc/courier/pop3d-ssl.dist
    /etc/courier/pop3d.cnf
    /etc/courier/pop3d.dist
    /etc/courier/quotawarnmsg.example
    /etc/init.d/courier-authdaemon
    /etc/init.d/courier-imap
    /etc/init.d/courier-imap-ssl
    /etc/init.d/courier-pop3
    /etc/init.d/courier-pop3-ssl
    /etc/init.d/rc3.d/K09courier-imap
    /etc/init.d/rc3.d/K09courier-imap-ssl
    /etc/init.d/rc3.d/K09courier-pop3
    /etc/init.d/rc3.d/K09courier-pop3-ssl
    /etc/init.d/rc3.d/K10courier-authdaemon
    /etc/init.d/rc3.d/S12courier-authdaemon
    /etc/init.d/rc3.d/S13courier-imap
    /etc/init.d/rc3.d/S13courier-imap-ssl
    /etc/init.d/rc3.d/S13courier-pop3
    /etc/init.d/rc3.d/S13courier-pop3-ssl
    /etc/init.d/rc5.d/K09courier-imap
    /etc/init.d/rc5.d/K09courier-imap-ssl
    /etc/init.d/rc5.d/K09courier-pop3
    /etc/init.d/rc5.d/K09courier-pop3-ssl
    /etc/init.d/rc5.d/K10courier-authdaemon
    /etc/init.d/rc5.d/S12courier-authdaemon
    /etc/init.d/rc5.d/S13courier-imap
    /etc/init.d/rc5.d/S13courier-imap-ssl
    /etc/init.d/rc5.d/S13courier-pop3
    /etc/init.d/rc5.d/S13courier-pop3-ssl
    /home/admispconfig/ispconfig/web/phpmyadmin/libraries/fpdf/font/courier.php
    /root/Maildir/courierpop3dsizelist
    /usr/lib/courier-imap
    /usr/lib/courier-imap/authlib
    /usr/lib/courier-imap/authlib/authdaemon
    /usr/lib/courier-imap/authlib/authdaemond
    /usr/lib/courier-imap/authlib/authdaemond.plain
    /usr/lib/courier-imap/couriertcpd
    /usr/lib/courier-imap/makedatprog
    /usr/sbin/courierlogger
    /usr/sbin/couriertls
    /usr/sbin/rccourier-authdaemon
    /usr/sbin/rccourier-imap
    /usr/sbin/rccourier-imap-ssl
    /usr/sbin/rccourier-pop3
    /usr/sbin/rccourier-pop3-ssl
    /usr/share/courier-imap
    /usr/share/courier-imap/configlist
    /usr/share/courier-imap/configlist.ldap
    /usr/share/courier-imap/imapd.pem
    /usr/share/courier-imap/makeuserdb
    /usr/share/courier-imap/mkimapdcert
    /usr/share/courier-imap/mkpop3dcert
    /usr/share/courier-imap/pop3d.pem
    /usr/share/courier-imap/pw2userdb
    /usr/share/courier-imap/sysconftool
    /usr/share/courier-imap/userdb
    /usr/share/courier-imap/vchkpw2userdb
    /usr/share/doc/packages/courier-imap
    /usr/share/doc/packages/courier-imap/AUTHORS
    /usr/share/doc/packages/courier-imap/BUGS
    /usr/share/doc/packages/courier-imap/COPYING
    /usr/share/doc/packages/courier-imap/README
    /usr/share/doc/packages/courier-imap/README.authdebug.html
    /usr/share/doc/packages/courier-imap/README.authdebug.html.in
    /usr/share/doc/packages/courier-imap/README.authmysql.html
    /usr/share/doc/packages/courier-imap/README.authmysql.myownquery
    /usr/share/doc/packages/courier-imap/README.authpostgres.html
    /usr/share/doc/packages/courier-imap/README.imap
    /usr/share/doc/packages/courier-imap/README.ldap
    /usr/share/doc/packages/courier-imap/README.maildirquota
    /usr/share/doc/packages/courier-imap/README.sharedfolders
    /usr/share/man/man1/courierlogger.1.gz
    /usr/share/man/man1/couriertcpd.1.gz
    /usr/share/man/man8/courier-imapd.8.gz
    /var/run/authdaemon.courier-imap
    /var/run/authdaemon.courier-imap/pid
    /var/run/authdaemon.courier-imap/pid.lock
    /var/run/authdaemon.courier-imap/socket
    /var/run/couriersslcache
I guess mkimapdcert and mkpop3dcert are the commands that you have to run. Run
Code:
    man mkimapdcert
and
Code:
    man mkpop3dcert
to find out how to use them.
Oh yes, reading man pages makes life a lot easier. Actually I tried to use mkimapdcert before, but I had overlooked the .cnf files! Everything is in order now, thanks!
So how would I go about this if I have more than one domain? What I want to do is use Courier IMAP SSL (as per the Ubuntu 6.06 Perfect Setup) with ISPConfig, and avoid that any of the mail users gets the annoying popup when connecting using Thunderbird, Outlook etc. I'm using the mail.domain.dom logic, and would require certificates for 4 domains that I currently host. Thanks in advance for pointing me in the right direction!
Create certificates for one FQDN, something like pop.example.com or imap.example.com, and make your users use this FQDN in their email clients.
generate certs for postfix-dovecot
My postfix/dovecot system (Fedora 6) has much the same problems as those earlier in the thread. That is, it comes up as imap.example.com, untrusted, etcetera. How do I make new, accurate certs for postfix-dovecot? Thanks in advance
Code:
    # locate dovecot
    /etc/dovecot.conf
    /etc/pam.d/dovecot
    /etc/pki/dovecot
    /etc/pki/dovecot/certs
    /etc/pki/dovecot/dovecot-openssl.cnf
    /etc/pki/dovecot/private
    /etc/pki/dovecot/certs/dovecot.pem
    /etc/pki/dovecot/private/dovecot.pem
    /etc/rc.d/init.d/dovecot
    /etc/rc.d/rc0.d/K35dovecot
    /etc/rc.d/rc1.d/K35dovecot
    /etc/rc.d/rc2.d/S65dovecot
    /etc/rc.d/rc3.d/S65dovecot
    /etc/rc.d/rc4.d/S65dovecot
    /etc/rc.d/rc5.d/S65dovecot
    /etc/rc.d/rc6.d/K35dovecot
    /usr/lib/dovecot
    /usr/lib/dovecot/imap
    /usr/lib/dovecot/lda
    /usr/lib/dovecot/lib01_acl_plugin.a
    /usr/lib/dovecot/lib01_acl_plugin.la
    /usr/lib/dovecot/lib01_acl_plugin.so
    /usr/lib/dovecot/lib01_convert_plugin.a
    /usr/lib/dovecot/lib01_convert_plugin.la
    /usr/lib/dovecot/lib01_convert_plugin.so
    /usr/lib/dovecot/lib01_quota_plugin.a
    /usr/lib/dovecot/lib01_quota_plugin.la
    /usr/lib/dovecot/lib01_quota_plugin.so
    /usr/lib/dovecot/lib02_trash_plugin.a
    /usr/lib/dovecot/lib02_trash_plugin.la
    /usr/lib/dovecot/lib02_trash_plugin.so
    /usr/lib/dovecot/pop3
    /usr/lib/dovecot/imap/lib01_acl_plugin.so
    /usr/lib/dovecot/imap/lib01_convert_plugin.so
    /usr/lib/dovecot/imap/lib01_quota_plugin.so
    /usr/lib/dovecot/imap/lib01_zlib_plugin.a
    /usr/lib/dovecot/imap/lib01_zlib_plugin.la
    /usr/lib/dovecot/imap/lib01_zlib_plugin.so
    /usr/lib/dovecot/imap/lib02_imap_quota_plugin.a
    /usr/lib/dovecot/imap/lib02_imap_quota_plugin.la
    /usr/lib/dovecot/imap/lib02_imap_quota_plugin.so
    /usr/lib/dovecot/imap/lib02_trash_plugin.so
    /usr/lib/dovecot/lda/lib01_acl_plugin.so
    /usr/lib/dovecot/lda/lib01_convert_plugin.so
    /usr/lib/dovecot/lda/lib01_quota_plugin.so
    /usr/lib/dovecot/lda/lib02_trash_plugin.so
    /usr/lib/dovecot/pop3/lib01_convert_plugin.so
    /usr/lib/dovecot/pop3/lib01_quota_plugin.so
    /usr/libexec/dovecot
    /usr/libexec/dovecot/checkpassword-reply
    /usr/libexec/dovecot/deliver
    /usr/libexec/dovecot/dict
    /usr/libexec/dovecot/dovecot-auth
    /usr/libexec/dovecot/gdbhelper
    /usr/libexec/dovecot/imap
    /usr/libexec/dovecot/imap-login
    /usr/libexec/dovecot/pop3
    /usr/libexec/dovecot/pop3-login
    /usr/libexec/dovecot/rawlog
    /usr/libexec/dovecot/ssl-build-param
    /usr/sbin/dovecot
    /usr/sbin/dovecotpw
    /usr/share/doc/dovecot-1.0
    /usr/share/doc/dovecot-1.0/REDHAT-FAQ.txt
    /usr/share/doc/dovecot-1.0/USE-WIKI-INSTEAD
    /usr/share/doc/dovecot-1.0/UW-to-Dovecot-Migration
    /usr/share/doc/dovecot-1.0/auth-protocol.txt
    /usr/share/doc/dovecot-1.0/auth.txt
    /usr/share/doc/dovecot-1.0/configuration.txt
    /usr/share/doc/dovecot-1.0/design.txt
    /usr/share/doc/dovecot-1.0/examples
    /usr/share/doc/dovecot-1.0/index.txt
    /usr/share/doc/dovecot-1.0/mail-storages.txt
    /usr/share/doc/dovecot-1.0/multiaccess.txt
    /usr/share/doc/dovecot-1.0/nfs.txt
    /usr/share/doc/dovecot-1.0/securecoding.txt
    /usr/share/doc/dovecot-1.0/variables.txt
    /usr/share/doc/dovecot-1.0/UW-to-Dovecot-Migration/maildir-migration.txt
    /usr/share/doc/dovecot-1.0/UW-to-Dovecot-Migration/migrate-folders
    /usr/share/doc/dovecot-1.0/UW-to-Dovecot-Migration/migrate-users
    /usr/share/doc/dovecot-1.0/UW-to-Dovecot-Migration/perfect_maildir.pl
    /usr/share/doc/dovecot-1.0/examples/dovecot-ldap.conf
    /usr/share/doc/dovecot-1.0/examples/dovecot-sql.conf
    /usr/share/doc/dovecot-1.0/examples/mkcert.sh
    /usr/share/doc/selinux-policy-2.4.6/html/services_dovecot.html
    /usr/share/logwatch/default.conf/services/dovecot.conf
    /usr/share/logwatch/scripts/services/dovecot
    /var/lib/dovecot
    /var/lib/dovecot/ssl-parameters.dat
    /var/lock/subsys/dovecot
    /var/run/dovecot
    /var/run/dovecot/auth-worker.10173
    /var/run/dovecot/auth-worker.2481
    /var/run/dovecot/auth-worker.2632
    /var/run/dovecot/dict-server
    /var/run/dovecot/login
    /var/run/dovecot/master.pid
    /var/run/dovecot/login/default
    /var/run/dovecot/login/ssl-parameters.dat
I edited the /etc/pki/dovecot/dovecot-openssl.cnf file, then ran /usr/share/doc/dovecot-1.0/examples/mkcert.sh and it worked perfectly. Note: you will have to remove the two certs that exist already, but the script gives you the file names so you can just rm them.
Hi, I'm working on the same issue. I'm confused - did making your own certs as you specified above actually stop the warnings from the mail client? Self-signed certs aren't trusted so I don't see how that could have helped...? Jon
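Added example, not written by any poster in this thread: a shell script that separates the two checks a mail client makes, which is the point behind the one-FQDN advice and the self-signed question above. The req config is constructed for illustration, the names imap.example.com and mail.customer1.example and the helper functions are assumptions, and everything is written to a temporary directory rather than /etc/courier or /etc/pki/dovecot.

```shell
#!/bin/sh
# Added example with constructed names; requires the openssl command-line tool.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert FQDN: write a req config whose CN and SAN are FQDN, then self-sign.
make_cert() {
    cat > "$WORK/mail.cnf" <<EOF
[ req ]
default_bits = 2048
distinguished_name = req_dn
x509_extensions = cert_ext
prompt = no
[ req_dn ]
O = Example Hosting
CN = $1
[ cert_ext ]
subjectAltName = DNS:$1
EOF
    openssl req -new -x509 -nodes -days 365 -config "$WORK/mail.cnf" \
        -keyout "$WORK/mail.key" -out "$WORK/mail.crt" 2>/dev/null
    chmod 600 "$WORK/mail.key"   # the private key must not be world-readable
}

# Check 1: does the host name typed into the mail client match the certificate?
name_matches() {
    openssl x509 -in "$WORK/mail.crt" -noout -checkhost "$1" \
        | grep -q "does match certificate"
}

# Check 2: does the certificate chain to something the client already trusts?
trusted_by_default() {
    openssl verify "$WORK/mail.crt" >/dev/null 2>&1
}
# Same check after the client has imported this certificate as a trust anchor.
trusted_after_import() {
    openssl verify -CAfile "$WORK/mail.crt" "$WORK/mail.crt" >/dev/null 2>&1
}

make_cert imap.example.com
for h in imap.example.com mail.customer1.example; do
    if name_matches "$h"; then echo "$h: name matches"
    else echo "$h: name mismatch warning"; fi
done
if trusted_by_default; then echo "issuer trusted out of the box"
else echo "issuer not trusted until imported or CA-signed"; fi
if trusted_after_import; then echo "issuer trusted once imported"; fi
```

A certificate with the right name removes the name-mismatch warning only; the untrusted-issuer warning goes away when each client imports the certificate or when it is issued by a CA the clients already trust.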