Setting up secured email

Status
Not open for further replies.

nvomedia

Verified User
Joined
Aug 17, 2015
Messages
12
Hi,

I'm trying to set up secure email via POP3 and IMAP. I have found some threads on this forum but I can't get it 'up and running'.
- http://forum.directadmin.com/showthread.php?t=27796
- http://forum.directadmin.com/archive/index.php/t-8627.html

I have bought an SSL cert for the domain mail.domain.nl. Placed the files in /home/admin/crt/mail.domain.nl.cert and .key
I have edited the dovecot.conf file:
Code:
- protocols: added imaps and pop3s
- ssl_cert = /home/admin/crt/mail.domain.nl.cert
- ssl_key = /home/admin/crt/mail.domain.nl.key
I have edited exim.conf:
Code:
- tls_certificate: /home/admin/crt/mail.domain.nl.cert
- tls_privatekey: /home/admin/crt/mail.domain.nl.key

Restarted the server through the control panel.
When I want to connect via IMAP in Outlook I get a timeout; connecting via POP3 fails directly (connection interrupted).

Who can help me with this issue? Maybe there is a full tutorial available?
 
Thanks for your reply. I did the following:

Added the following lines to /etc/dovecot/dovecot.conf
Code:
local_name mail.domain.nl {
  ssl_cert = </etc/mail.domain.crt
  ssl_key = </etc/mail.domain.key
}

ssl_ca = /etc/mail.domain_root.crt

I commented out the other lines which point to /etc/exim.crt and exim.key

in /etc/exim.conf I have added the following
Code:
tls_privatekey = ${if exists{/etc/exim.key.${tls_sni}}{/etc/exim.key.${tls_sni}}{/etc/exim.key}}
tls_certificate = ${if exists{/etc/exim.cert.${tls_sni}}{/etc/exim.cert.${tls_sni}}{/etc/exim.cert}}

And deleted the other lines with tls_privatekey and tls_certificate

Restarted the services dovecot and exim, and after a few tries (some trouble with file permissions) I'm able to send a mail via SMTP and TLS. But IMAP and POP3 are still not working. In the exim mainlog I found the following:
(email address is a test account, so it will be deleted after everything is working)

Code:
2016-10-12 09:20:42 1buDqE-0002Pq-IP <= [email protected] H=xxxxxxxxxx (PCNIEK) [62.251.54.24] P=smtps X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 S=669 T="Testbericht van Microsoft Outlook" from <[email protected]> for [email protected]
2016-10-12 09:20:42 1buDqE-0002Pq-IP == [email protected] R=domain_filter defer (-1): bad mode (0100777) for /etc/virtual/juweliermail.nl/filter: 022 bit(s) unexpected

What is going wrong?
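The deferral in the second log line above can be decoded mechanically. The following is an added example, not part of the original post or of Exim: it parses the "bad mode" message, names the permission bits Exim flagged, and computes the mode with those bits cleared. `parse_bad_mode` and the sample address are assumptions made for illustration.

```python
import re
import stat

# Constructed sample modelled on the deferral line in the post above;
# the recipient address is a placeholder.
SAMPLE_LOG = (
    "2016-10-12 09:20:42 1buDqE-0002Pq-IP == user@example.test "
    "R=domain_filter defer (-1): bad mode (0100777) for "
    "/etc/virtual/juweliermail.nl/filter: 022 bit(s) unexpected"
)

BAD_MODE_RE = re.compile(
    r"R=(?P<router>\S+) defer \(-1\): bad mode \((?P<mode>[0-7]+)\) "
    r"for (?P<path>.+?): (?P<bits>[0-7]+) bit\(s\) unexpected"
)

# The nine rwx permission bits with readable names, owner first.
BIT_NAMES = [
    (getattr(stat, "S_I" + letter + cls), who + "-" + op)
    for cls, who in (("USR", "owner"), ("GRP", "group"), ("OTH", "other"))
    for letter, op in (("R", "read"), ("W", "write"), ("X", "exec"))
]


def parse_bad_mode(line):
    """Decode an Exim 'bad mode' deferral; return None for other lines."""
    m = BAD_MODE_RE.search(line)
    if m is None:
        return None
    mode = int(m["mode"], 8)      # full st_mode, file type included
    flagged = int(m["bits"], 8)   # bits Exim reported as unexpected
    perms = stat.S_IMODE(mode)    # strip the file-type bits
    return {
        "router": m["router"],
        "path": m["path"],
        "listing": stat.filemode(mode),
        "flagged": [name for bit, name in BIT_NAMES if perms & flagged & bit],
        "suggested": perms & ~flagged,  # same mode with flagged bits cleared
    }


if __name__ == "__main__":
    info = parse_bad_mode(SAMPLE_LOG)
    print(f"{info['path']} is {info['listing']}; "
          f"unexpected: {', '.join(info['flagged'])}; "
          f"mode without them: {info['suggested']:04o}")
```

The message comes from the router named in `R=`, so it concerns delivery of the accepted message, not the IMAP or POP3 TLS setup.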
 
The error you provided does not relate to IMAP/POP at all. Your phrase "IMAP and POP3 are still not working" is too ambiguous and does not clarify anything. There might be numerous reasons why a connection to IMAP or POP3 fails, of course if it's a matter of a failed connection... or is it a matter of a wrong SSL cert?

If you want us to answer your question, either provide more details, or we should check your server from inside. I've personally followed the guides several times and they worked in my case. What exactly is wrong on your side is beyond my knowledge.
 
Changed something in the conf files and now I get the following error:

2016-10-12 17:10:00 TLS error on connection from xxxxxx (PCNIEK) [62.251.54.24] (SSL_CTX_use_certificate_chain_file file=/etc/.crt): error:02001002:system library:fopen:No such file or directory

in exim.conf I have the following code:

Code:
tls_certificate = /etc/${tls_in_sni}.crt
tls_privatekey = /etc/${tls_in_sni}.key

When I look at the error, it looks like ${tls_in_sni} is empty. I have enabled SNI for using Let's Encrypt. Maybe you can help me with this error?

Edit: Forget that. Since I only use IMAP and POP3 via one domain name, I didn't need the ${tls_in_sni}
I have edited that, but the original error is back (R=domain_filter defer (-1): bad mode (0100777) for /etc/virtual/juweliermail.nl/filter: 022 bit(s) unexpected)
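Why the TLS error above names `file=/etc/.crt`, and what a guarded lookup with a fallback looks like, modelled in Python as an added example that is not part of the original post and is not Exim's own code. `naive_cert_path`, `select_cert` and the directory `/etc/mailcerts` are hypothetical; `/etc/exim.cert` and `mail.domain.nl` are taken from the thread.

```python
import os
import re

# Plain lowercase hostname: dot-separated labels of letters, digits, hyphens.
HOSTNAME_RE = re.compile(
    r"[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*"
)


def naive_cert_path(sni, cert_dir="/etc"):
    """Model of `/etc/${tls_in_sni}.crt`: pure string substitution."""
    return f"{cert_dir}/{sni}.crt"


def select_cert(sni, cert_dir, default_cert, exists=os.path.isfile):
    """Pick a certificate for the SNI value, falling back to the default.

    Returns (path, reason). The SNI value is supplied by the client and
    ends up in a file path, so anything that is not a plain hostname is
    rejected before the path is built.
    """
    name = (sni or "").lower().rstrip(".")
    if not name:
        return default_cert, "no SNI sent"
    if HOSTNAME_RE.fullmatch(name) is None:
        return default_cert, "SNI is not a plain hostname"
    candidate = os.path.join(cert_dir, name + ".crt")
    if not exists(candidate):
        return default_cert, "no certificate for this name"
    return candidate, "matched SNI"


if __name__ == "__main__":
    # A client that sends no SNI leaves the variable empty.
    print(naive_cert_path(""))  # the path from the logged TLS error
    for sni in ("", "mail.domain.nl", "MAIL.DOMAIN.NL."):
        print(repr(sni), select_cert(sni, "/etc/mailcerts", "/etc/exim.cert"))
```

The `${if exists{...}{...}{/etc/exim.cert}}` form posted earlier in the thread already provides the fallback for a missing file; the model adds the check on the name itself.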
 
If you host only one domain on your server then simply use the default exim.conf and dovecot.conf, and add your domains into /usr/local/directadmin/conf/ca.san_config and re-request the cert for the hostname.
 
How can I restore the default exim.conf and dovecot.conf? I forgot to make a backup of those files.

EDIT: restored files to default settings, but email isn't working yet. Since the server isn't in full production yet, I decided to reinstall Directadmin through my ISP. Thank you for your help!
 
EDIT: restored files to default settings, but email isn't working yet

Please consider that you won't get much help here if your posts consist only of phrases like "it does not work". When posting here you should provide as many details as possible, including:

1. steps you do to get an error
2. full text of all errors you get there

Sometimes we will need to see configs and logs as well. Without a detailed explanation of an issue you will most likely be advised to read a FAQ or guide, or to hire somebody to fix it for you. So please, if you want us to help you, be so kind as to help us understand what is worrying you.

Good luck ;)
 