« 632Part VRunning ServersIf you want to have Fetchmail (Web hosting company)
634Part VRunning ServersSome remote mail servers may refuse (Most popular web site) »

633Chapter 24Running a Mail ServerDebconf will ask you (Web hosting provider)

633Chapter 24Running a Mail ServerDebconf will ask you whether you want to trust the CA certificates by default. In most cases, you will want to select Yes. 3.If you are going to be using a certificate from a CA that is not already recog- nized (this is generally only true if you are running your own CA), place the CApublic certificate in its own file in /etc/ssl/certs/and update the certificatedatabase: # update-ca-certificates4.Generate the private key and certificate signing request, as described inChapter 23. The best location for these files is /etc/ssl/private/. Here sanexample: #cd /etc/ssl/private#umask 0077#openssl genrsa -out mail.key 1024#openssl req -new -key mail.key -out mail.csr5.Get your CSR (Certificate Signing Request) signed and place the certificatein/etc/mail/private/mail.crt. Or, to do a self-signed certificate, do thefollowing: # openssl req -new -x509 -nodes -sha1 -days 365 -key mail.key -out mail.crtMany mail programs will refuse to connect to the server if they do not recognizethe certificate. If you are running your own CA, you can overcome this by distributingthe CA public key to all clients. 6.Concatenate the private key and certificate into a single file: # cd /etc/ssl/private# umask 0077# cat mail.key mail.crt >> mail.pem7.Tell Postfix where to find certificates and keys by adding the following lines tothe end of /etc/postfix/main.cf: smtpd_tls_cert_file = /etc/ssl/private/mail.pemsmtpd_tls_key_file = $smtpd_tls_cert_filesmtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt8.Configure the Postfix daemons to support SSL/TLS by adding -o smtpd_ use_tls=yesto the line in /etc/postfix/master.cfthat starts with smtpd. There will also be three commented-out lines at the end of the file that startwith tlsmgr, smtps, and 587. Uncomment them and remove the -o smtpd_ sasl_auth_enable=yesparameters. When finished, the lines will look some- thing like this: smtp inet n - - - - smtpd -o smtpd_use_tls=yes(there will be quite a few lines in between) # only used by postfix-tlstlsmgr fifo - - n 300 1 tlsmgrsmtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes587 inet n - n - - smtpd -o smtpd_enforce_tls=yesCaution33_
Looking for affordable and reliable webhost to host and run your business application? Then look no more and go to servlet web hosting services.

This entry was posted on Thursday, November 22nd, 2007 at 4:05 pm and is filed under B5. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply