Disable unneeded ports:
vi /etc/dovecot/dovecot.conf
# Protocols we want to be serving.
#protocols = imap pop3 lmtp
protocols = imaps
Configure SSL:
vi /etc/dovecot/conf.d/10-ssl.conf
Disable unneeded ports:
vi /etc/dovecot/dovecot.conf
# Protocols we want to be serving.
#protocols = imap pop3 lmtp
protocols = imaps
Configure SSL:
vi /etc/dovecot/conf.d/10-ssl.conf
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
# plain imap and pop3 are still allowed for local connections
#ssl = required
ssl = required
# PEM encoded X.509 SSL/TLS certificate and private key. They’re opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
#ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
#ssl_key = </etc/pki/dovecot/private/dovecot.pem
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
More info:
http://wiki.dovecot.org/SSL/DovecotConfiguration
vi /etc/postfix/main.cf
# Enabling SSL/TLS using dovecot SASL
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
# smtpd_tls_CAfile = /etc/pki/tls/root.crt
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
tls_random_exchange_name = /var/lib/postfix/prng_exch
smtpd_tls_auth_only = yes
systemctl restart postfix More info: https://wiki.centos.org/HowTos/postfix_sasl#head-50a7952d755088f3f88df33cdf814800bc42835a
Recent Comments