I've decided to look into configuring an email server with SSL support as an academic exercise. From what I've seen in various articles, it's not for the faint-hearted!
My setup is:
VirtualBox on Windows 7
A CentOS 6.6 x64 VM fully updated
hostname = maily
hostname -f = maily.example.int
static IP address = 192.168.3.141 / 24
iptables disabled (currently)
I have followed the example on DigitalOcean (https://www.digitalocean.com/community/ ... th-dovecot) which, whilst aimed at Ubuntu, has allowed me to be able to send mail via the terminal between my configured users. I decided to use this tutorial as it uses SSL, Postfix, Dovecot and subsequently PostgreSQL. I can telnet into the SMTP server and send mail via the terminal, but I can't telnet into the IMAP server, nor can I configure an email client to access the IMAP server.
My configurations are:
Code:
/etc/postfix/main.cf
myhostname = maily.example.int
myorigin = $mydomain
mydestination = maily.example.int, example.int, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_tls_cert_file=/etc/ssl/certs/mailcert.pem
smtpd_tls_key_file=/etc/ssl/private/mail.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level=may
smtpd_tls_protocols = !SSLv2, !SSLv3
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
Code:
/etc/postfix/master.cf
smtp inet n - n - - smtpd
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_wrappermode=no
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
Code:
/etc/dovecot/dovecot.conf
disable_plaintext_auth = no
auth_debug_passwords=yes
mail_privileged_group = mail
mail_location = mbox:~/mail:INBOX=/var/mail/%u
userdb {
  driver = passwd
}
passdb {
  args = %s
  driver = pam
}
protocols = " imap"
protocol imap {
  mail_plugins = " autocreate"
}
plugin {
  autocreate = Trash
  autocreate2 = Sent
  autosubscribe = Trash
  autosubscribe2 = Sent
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl=required
ssl_cert = </etc/ssl/certs/mailcert.pem
ssl_key = </etc/ssl/private/mail.key
Code:
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
1 login john@example.int Pa$$word
1 NO [AUTHENTICATIONFAILED] Authentication failed.
Code:
May 16 15:53:33 maily dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
May 16 15:53:33 maily dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
May 16 15:53:33 maily dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
May 16 15:53:33 maily dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
May 16 15:53:33 maily dovecot: auth: Debug: auth client connected (pid=14730)
May 16 15:54:17 maily dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=57568#011resp=AGNvbmRvckBleGFtcGxlLmludABTdXBlcjEyM1Zpc29y
May 16 15:54:17 maily dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
May 16 15:54:17 maily dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
May 16 15:54:17 maily dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
May 16 15:54:17 maily dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
May 16 15:54:17 maily dovecot: auth: Debug: pam(john@example.int,127.0.0.1): lookup service=imap
May 16 15:54:17 maily dovecot: auth: Error: pam(john@example.int,127.0.0.1): pam_authenticate() failed: Authentication failure (/etc/pam.d/imap missing?)
May 16 15:54:19 maily dovecot: auth: Debug: client out: FAIL#0111#011user=john@example.int
Sorry to have gone on for so long, but I know that experts here like to have as much information as possible to be able to offer useful advice. I just hope that what I've provided is relevant!
Thanks for your time and patience!
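
Added example (not part of the original post): the auth debug log above, taken with auth_debug_passwords=yes, includes a resp= field on the "client in: AUTH" line. For the PLAIN mechanism that field is only the base64 of authzid NUL authcid NUL password, so it needs redacting before a log is shared. The function names and the sample lines below are constructed for illustration.

```python
import base64
import re

# resp= is the client's SASL initial response on Dovecot "client in: AUTH" lines.
RESP_RE = re.compile(r"(resp=)([A-Za-z0-9+/]+=*)")

def decode_plain(resp_b64):
    """Return (authzid, authcid, password) if resp is a SASL PLAIN message."""
    try:
        raw = base64.b64decode(resp_b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        return None
    return tuple(p.decode("utf-8", "replace") for p in parts)

def scrub_line(line):
    """Redact every resp= payload; return (clean_line, findings)."""
    findings = []

    def redact(match):
        kind = "PLAIN credentials" if decode_plain(match.group(2)) else "opaque SASL response"
        findings.append(kind)
        return match.group(1) + "<redacted>"

    return RESP_RE.sub(redact, line), findings

def scrub_log(lines):
    """Scrub a whole log; return (clean_lines, numbers of lines that held credentials)."""
    clean, hits = [], []
    for number, line in enumerate(lines, start=1):
        new_line, findings = scrub_line(line)
        clean.append(new_line)
        if "PLAIN credentials" in findings:
            hits.append(number)
    return clean, hits

# Constructed sample input (not taken from the post): user and password are made up.
SAMPLE_B64 = base64.b64encode(b"\x00alice@example.test\x00not-a-real-password").decode()
SAMPLE_LINES = [
    "May 16 15:53:33 mx dovecot: auth: Debug: auth client connected (pid=1234)",
    "May 16 15:54:17 mx dovecot: auth: Debug: client in: AUTH#0111#011PLAIN"
    "#011service=imap#011lip=127.0.0.1#011rip=127.0.0.1#011resp=" + SAMPLE_B64,
]

if __name__ == "__main__":
    cleaned, credential_lines = scrub_log(SAMPLE_LINES)
    print("\n".join(cleaned))
    print("lines that carried PLAIN credentials:", credential_lines)
```

Any password that has already appeared in a shared log in this form should be treated as exposed and changed.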