Hi,
I have setup a mail server with centos 5.6. My setup includes postfix, dovecot and apache with squirrelmail.
I have enabled ssl on httpd with self signed certificates in ssl.conf.
mail users are allowed to login through web (https) only.
I am a bit confused regarding the channel encryption. Do I need to enable TLS in dovecot and postfix as well for complete channel encryption.
Or simple ssl in httpd would be enough for mail encryption over the channel (retrieving mail or posting mail). Pls advise.
Thanks
setup secure mail server
-
pschaff
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
setup secure mail server
[quote]
ganni wrote:
I have setup a mail server with centos 5.6.[/quote]
Don't use obsolete/unsupported releases - 5.7 is the current release, and 5.8 is in QA. See the [url=http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.7]CentOS 5.7 Release Notes[/url] for details. By not updating you are implicitly accepting that you will live with, and foisting on your customers, numerous bugs and security issues (and associated known exploits) that have subsequently been fixed.
As far as your questions, it may be my ignorance of mail servers, but I fail to see what Apache https has to do with the mail server usage of encryption.
ganni wrote:
I have setup a mail server with centos 5.6.[/quote]
Don't use obsolete/unsupported releases - 5.7 is the current release, and 5.8 is in QA. See the [url=http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.7]CentOS 5.7 Release Notes[/url] for details. By not updating you are implicitly accepting that you will live with, and foisting on your customers, numerous bugs and security issues (and associated known exploits) that have subsequently been fixed.
As far as your questions, it may be my ignorance of mail servers, but I fail to see what Apache https has to do with the mail server usage of encryption.
Re: setup secure mail server
Thanks for up-gradation suggestion, I can not put my production server on internet for up-gradation as it is in private LAN and is not concern for now.
I have enabled https in apache (httpd) for mail users to login securely from a loginpage of squirrelmail.
Installed mod_ssl (ssl.conf) for the same. My question is " Will that suffice to secure the traffic between the mailusers to server?"
I have a confusion whether the entire communication like fetching mail or posting mail, gets encrypted or only login authentication encrypted in above scenario.
Do I need to enable TLS as well for complete encryption of mail traffic.
Thanks.
I have enabled https in apache (httpd) for mail users to login securely from a loginpage of squirrelmail.
Installed mod_ssl (ssl.conf) for the same. My question is " Will that suffice to secure the traffic between the mailusers to server?"
I have a confusion whether the entire communication like fetching mail or posting mail, gets encrypted or only login authentication encrypted in above scenario.
Do I need to enable TLS as well for complete encryption of mail traffic.
Thanks.