OK, I'm guessing these entries were leftover from my 5.6 install with Damien Curtain's securemail rpm's.
in checking out
http://dovecot.procontrol.fi/documentation.html it appears dovecot can do ssl/tls by default. Below is the SSL portion of the example config, with the default parameters shown as examples:
# Protocols we want to be serving:
# imap imaps pop3 pop3s
#protocols = imap imaps
# IP or host address where to listen in for connections. It's not currently
# possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
# "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4
# interfaces depending on the operating system. You can specify ports with
# "host:port".
#listen = *
# IP or host address where to listen in for SSL connections. Defaults
# to above if not specified.
#ssl_listen =
# Disable SSL/TLS support.
#ssl_disable = no
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
#ssl_cert_file = /etc/ssl/certs/dovecot.pem
#ssl_key_file = /etc/ssl/private/dovecot.pem
# SSL parameter file. Master process generates this file for login processes.
# It contains Diffie Hellman and RSA parameters.
#ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat
# How often to regenerate the SSL parameters file. Generation is quite CPU
# intensive operation. The value is in hours, 0 disables regeneration
# entirely.
#ssl_parameters_regenerate = 24
Anyone have a clue as to how to turn all of this on? Does this mean generating cert's, and opening up holes in iptables to allow ssl/tls connections?
help!
9 Replies
1080 Views