Assuming you've specified the IMAP/POP3 server using the hostname, and not the IP, then the problem you're having is the certificate being used by Dovecot doesn't match your domain.
SteveM is correct above in that you want your Postfix domain to match the dovecot domain name based upon your described setup, however, the domain mismatch will NOT affect just retrieving (IMAP/POP3) mail.
Generate a new self-signed key, reconfigure Dovecot, and then restart Dovecot:
1. Generate new key:
# openssl genrsa -des3 -out hostname.key 2048
Specify any password when asked, it will be removed later. 'hostname.key' can be whatever you want to name your key file.
2. Generate certificate signing request:
# openssl req -new -key ./hostname.key -out hostname.csr
Specify as much or as little information as you want to. Common Name is REQUIRED. This is the hostname your server will identify itself as. This is the source of your current problem. Be sure to specify mail.krueckeberg.org for the Common Name when asked.
3. Remove password from key so Dovecot can start up cleanly.
a. Backup key for safe-keeping.
# mv hostname.key hostname.key.withpassword
# chmod 0400 hostname.key.withpassword
# chown root:root hostname.key.withpassword
b. Remove password
# openssl rsa -in hostname.key.withpassword -out hostname.key
4. Self-sign your certificate request (all one line)
# openssl x509 -req -days 365 -in hostname.csr -signkey hostname.key -out hostname.crt
5. Place your key file (and backup), csr (optionally) and crt in the appropriate/preferred location on your server.
6. Modify /etc/dovecot.conf (or wherever your dovecot.conf file is located):
ssl_disable = no
ssl_cert_file = /path/to/your/hostname.crt
ssl_key_file = /path/to/your/hostname.key
ssl_ca_file = /path/to/your/cacert.crt
See notes below about cacert.crt file. May need to leave this off if this is a self-signed certificate, can't remember off-hand.
7. Modify /etc/postfix/main.cf (or wherever your main.cf is located) to reference your new SSL certs for Postfix as well. You may or may not need the cacert line in your config. I have one because I am using a free SSL certificate from either Startcom SSL or CACert. The cacert file comes from their site if you use one of them. If this is self-signed, leave it out.
## as client (outbound SMTP traffic) (smtp)
smtp_tls_cert_file = /path/to/your/hostname.crt
smtp_tls_key_file = /path/to/your/hostname.key
smtp_tls_CAfile = /etc/pki/postfix/cacert.crt
## as server (inbound SMTP traffic) (smtpd)
smtpd_tls_cert_file = /path/to/your/hostname.crt
smtpd_tls_key_file = /path/to/your/hostname.key
smtpd_tls_CAfile = /path/to/your/cacert.crt
smtpd_use_tls = yes
8. Restart Dovecot & Postfix, test & verify functionality, including ability to send/receive email, and relay SMTP traffic to/from host.
Hope that helps! Let me know if you run into problems.
Last edited by skavoovie; 09-06-2007 at 07:24 PM.
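A check to run between steps 5 and 8 of the post above, added here as an example and not part of the original post: it confirms that the certificate's Common Name is the hostname mail clients connect to, and that the key file is unencrypted and pairs with the certificate. The function names and the hostname mail.example.test are constructed for the illustration; the sample key and certificate are throwaway files created in a temporary directory.

```shell
#!/bin/sh
# Added example: checks on a Dovecot/Postfix certificate and key before restart.
# Function names and mail.example.test are constructed for this illustration.

# Print the Common Name from the certificate's subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Succeed when the CN equals the expected hostname (case-insensitive).
# Current mail clients also consult subjectAltName; this checks only the CN,
# which is the field the procedure above sets.
cn_matches_host() {
    cn=$(cert_cn "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$cn" ] && [ "$cn" = "$host" ]
}

# Succeed when key and certificate carry the same public key.
# The empty -passin makes a still password-protected key fail instead of
# prompting, which is also how an unattended daemon start would behave.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Constructed sample: throwaway key and self-signed certificate in directory $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample "$tmp" mail.example.test
if cn_matches_host "$tmp/sample.crt" mail.example.test &&
   key_matches_cert "$tmp/sample.key" "$tmp/sample.crt"; then
    echo "OK: CN=$(cert_cn "$tmp/sample.crt"), key pairs with certificate"
else
    echo "MISMATCH: fix the certificate or key before restarting" >&2
fi
rm -rf "$tmp"
```

On a real server, call cn_matches_host and key_matches_cert with the paths set in dovecot.conf and main.cf and the hostname configured in the mail client.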