  #1
2nd November 2010, 17:37
bmclean
TLS Signed Certificate Installation

I have installed ISPConfig using the Perfect Server Install for CentOS 5.3. Many of our customers' ISPs block SMTP on port 25 so we decided to enable TLS on port 587. Now when users try to send email they receive a certificate error that the server is using a security certificate that cannot be verified. This isn't really a problem since you can just accept the error (Click "Yes" to continue) but our customers continue to believe that there is an issue.

We have a signed certificate that we have purchased and I am ready to install it on the server. My question is should the certificate be installed on Postfix or on Courier-authlib.

Maybe I'm missing something, but in the step of the installation process to install courier-authlib I removed the imapd.pem and ipop3d.pem files, edited the imapd.cfg and ipop3d.cnf files and then created new pem files. The certificate error that my users are receiving does not appear to be the certificate from courier-authlib but instead the certificate from postfix.

My /etc/postfix/main.cf contains the following:
Code:

smtpd_use_tls = yes
smtpd_tls_security_level = may
#
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key

A portion of my /etc/postfix/master.cf contains the following:

Code:
 
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

Any help you can provide would be great.

  #2
3rd November 2010, 18:00
falko

Quote:
Originally Posted by bmclean
I have installed ISPConfig using the Perfect Server Install for CentOS 5.3. Many of our customers' ISPs block SMTP on port 25 so we decided to enable TLS on port 587. Now when users try to send email they receive a certificate error that the server is using a security certificate that cannot be verified. This isn't really a problem since you can just accept the error (Click "Yes" to continue) but our customers continue to believe that there is an issue.

We have a signed certificate that we have purchased and I am ready to install it on the server. My question is should the certificate be installed on Postfix or on Courier-authlib.

If you see the certificate error when you send an email, then the certificate must be installed on Postfix. If you get the error when you receive an email, it must be installed on your POP3/IMAP daemon (Courier).
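
Added example (not part of the original posts and not ISPConfig or Postfix code): a small parser that merges main.cf with the per-service `-o` overrides in master.cf to show which certificate file and TLS level each smtpd listener, including the port 587 submission service, ends up using. The function names are hypothetical and the input is a constructed, trimmed copy of the configuration quoted above; the precedence of smtpd_tls_security_level over the older flags follows postconf(5).

```python
# Constructed sample input: trimmed copies of the files quoted in the thread.
MAIN_CF = """\
smtpd_use_tls = yes
smtpd_tls_security_level = may
#
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
"""
MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
pickup    fifo  n       -       n       60      1       pickup
"""

def logical_lines(text):  # skip blank/comment lines, join continuation lines
    out = []
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            if line[0].isspace() and out:
                out[-1] += " " + line.strip()
            else:
                out.append(line.strip())
    return out

def main_params(text):  # main.cf -> {name: value}
    pairs = (l.partition("=") for l in logical_lines(text))
    return {name.strip(): value.strip() for name, _, value in pairs}

def smtpd_overrides(text):  # master.cf -> {service: {name: value}} for smtpd listeners
    services = {}
    for f in (l.split() for l in logical_lines(text)):
        if len(f) >= 8 and f[1] == "inet" and f[7] == "smtpd":
            opts = zip(f[8:], f[9:])  # ("-o", "name=value") pairs
            services[f[0]] = dict(a.split("=", 1) for o, a in opts if o == "-o" and "=" in a)
    return services

def effective_tls(main_text, master_text):  # main.cf defaults merged with -o overrides
    defaults, report = main_params(main_text), {}
    for svc, over in smtpd_overrides(master_text).items():
        p = {**defaults, **over}
        # postconf(5): a non-empty smtpd_tls_security_level overrides the legacy flags.
        legacy = ("encrypt" if p.get("smtpd_enforce_tls") == "yes"
                  else "may" if p.get("smtpd_use_tls") == "yes" else "none")
        report[svc] = {"cert": p.get("smtpd_tls_cert_file"),
                       "level": p.get("smtpd_tls_security_level") or legacy}
    return report

if __name__ == "__main__":
    print(effective_tls(MAIN_CF, MASTER_CF))
```

On a live server, `openssl s_client -starttls smtp -connect <host>:587` shows the certificate Postfix actually presents on the submission port.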