Adding virtual mail domains on CENTOS 7

Posted: June 8, 2015 in Linux

In the previous article we installed the DNS service. Now we can leverage that infrastructure to install and configure mail services.

First, we need an MX record in DNS so that mail can be delivered to a specific domain. As an example, I used the fictitious domain bigfirm.info.

In the zone file (example.com.db) add a mail record for the zone bigfirm.info:

[screenshot of the zone file showing the MX record for bigfirm.info]

MX stands for Mail Exchange record; 10 is the priority number (if more than one mail server exists for one zone, this number defines the priority in serving client requests: the server with the lower number takes precedence).

Then we need to install the packages:

yum install dovecot dovecot-mysql mariadb-server* cyrus-sasl*  postfix -y

Edit the /etc/postfix/main.cf file (only the changed parameters are shown). Postfix treats a # only at the start of a line as a comment, so the comments below are on their own lines rather than after the values:

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
# we will create the key and certificate later
smtpd_tls_key_file = /etc/pki/tls/certs/serverkey.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/servercert.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# where Postfix should look for virtual domains, mailboxes and email addresses (aliases)
virtual_mailbox_domains = mysql:/etc/postfix/vd.cf
virtual_mailbox_maps = mysql:/etc/postfix/vm.cf
virtual_alias_maps = mysql:/etc/postfix/va.cf

# server FQDN
myhostname = server1.example.com
myorigin = $myhostname

# set Postfix to listen on all interfaces
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, server1.example.com

mynetworks_style = subnet
mynetworks = 192.168.122.0/24, 127.0.0.0/8

Edit /etc/postfix/master.cf (the whole file is shown; the submission and smtps services are the ones enabled, the rest is the stock file):

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}

In the file /etc/dovecot/dovecot.conf uncomment the line:

protocols = imap pop3 lmtp

Open /etc/dovecot/conf.d/10-mail.conf and edit the lines:

mail_location = maildir:/var/mail/vhosts/%d/%n/

# we will create this group later
mail_privileged_group = vmail

Uncomment the following line in /etc/dovecot/conf.d/10-auth.conf (uncommenting auth-sql.conf.ext enables MySQL authentication; leave the other includes commented):

#!include auth-deny.conf.ext
#!include auth-master.conf.ext
#!include auth-system.conf.ext
!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.c

Edit the /etc/dovecot/conf.d/auth-sql.conf.ext file so that its passdb and userdb sections look like this:

# Authentication for SQL users. Included from 10-auth.conf.
#
# <doc/wiki/AuthDatabase.SQL.txt>

passdb {
  driver = sql

  # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
  args = /etc/dovecot/dovecot-sql.conf.ext
}

# "prefetch" user database means that the passdb already provided the
# needed information and there's no need to do a separate userdb lookup.
# <doc/wiki/UserDatabase.Prefetch.txt>
#userdb {
#  driver = prefetch
#}

#userdb {
#  driver = sql
#  args = /etc/dovecot/dovecot-sql.conf.ext
#}

# If you don't have any user-specific settings, you can avoid the user_query
# by using userdb static instead of userdb sql, for example:
# <doc/wiki/UserDatabase.Static.txt>
# home must match mail_location in 10-mail.conf and the directory created below
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}

By default the dovecot-sql.conf.ext file is not present in the /etc/dovecot folder, so we need to copy the example file first:

cp /usr/share/doc/dovecot-2.2.10/example-config/dovecot-sql.conf.ext /etc/dovecot/

Uncomment and edit the following lines:

driver = mysql

connect = host=127.0.0.1 dbname=mail user=maria_admin password=1234

default_pass_scheme = SHA512-CRYPT

password_query = SELECT email AS user, password FROM virtual_users WHERE email = '%u'

The password query uses the email address stored in the mail database as the username of the email account, and compares the supplied password against the stored SHA512-CRYPT hash.

Edit /etc/dovecot/conf.d/10-master.conf:

Enable ports 143, 993 and 995 and SSL by uncommenting the listeners inside their service blocks, and enable the auth socket that Postfix uses (the smtpd_sasl_path from main.cf):

service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}

service auth {
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}

Let's point Dovecot to the SSL key and cert. Open /etc/dovecot/conf.d/10-ssl.conf:

ssl = required

ssl_cert = </etc/pki/tls/certs/servercert.pem
ssl_key = </etc/pki/tls/certs/serverkey.pem

Let's create the key and cert now, in the same location that main.cf and 10-ssl.conf point to:

openssl req -new -x509 -nodes -out /etc/pki/tls/certs/servercert.pem -keyout /etc/pki/tls/certs/serverkey.pem -days 365

This will be a self-signed certificate; when asked for the Common Name, enter the FQDN of your mail server.

Now we need to create the "virtual" user who will be reading mail from our server (all virtual mailboxes are owned by this user):

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/mail

Create the folder for the domain:

mkdir -p /var/mail/vhosts/bigfirm.info

Change ownership to the mail user:

chown -R vmail:vmail /var/mail
chown -R vmail:dovecot /etc/dovecot

Change permissions so that other users cannot read the Dovecot configuration (it contains the database password):

chmod -R o-rwx /etc/dovecot

MariaDB:

First, configure the MySQL server to accept requests from localhost only. Open /etc/my.cnf and in the [mysqld] section add:

bind-address=127.0.0.1

Then perform the initial setup (set the root password, limit database access, ...):

mysql_secure_installation

Now create our database:

[root@server1 ~]# mysql -u root -p
Enter password:

MariaDB [(none)]> create database mail;

MariaDB [(none)]> use mail;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [mail]>

We will create the user maria_admin with password 1234 and grant it SELECT, INSERT and UPDATE rights on the mail database:

MariaDB [mail]> grant select,insert,update on mail.* to 'maria_admin'@'127.0.0.1' identified by '1234';

Create the table for our virtual domains:

MariaDB [mail]> create table virtual_domains (id int(11) not null auto_increment, name varchar(50) not null, primary key (id));

Create the table that will contain the domain id (a reference to the virtual_domains table), the username (email address) and the hashed user password:

MariaDB [mail]> create table virtual_users (id int(11) not null auto_increment, domain_id int(11) not null, password varchar(106) not null, email varchar(100) not null, primary key (id), unique key email (email));

Create the table for our users' aliases:

MariaDB [mail]> create table virtual_aliases (id int(11) not null auto_increment, domain_id int(11) not null, source varchar(100) not null, destination varchar(100) not null, primary key (id));

Populate our tables. The password is stored as a SHA512-CRYPT hash ($6$ prefix plus a random salt), which is the default_pass_scheme we set in dovecot-sql.conf.ext:

MariaDB [mail]> insert into virtual_domains (id,name) values ('1','bigfirm.info');

MariaDB [mail]> insert into virtual_users (id,domain_id,password,email) values ('1','1',encrypt('1234',concat('$6$',substring(sha(rand()),-16))),'joker@bigfirm.info');

MariaDB [mail]> insert into virtual_aliases (id,domain_id,source,destination) values ('1','1','alias@bigfirm.info','joker@bigfirm.info');

Now we need to create the lookup files for the virtual domains (these are the files referenced in /etc/postfix/main.cf).

vi /etc/postfix/vd.cf (this creates a new file):

user=maria_admin
password=1234
hosts=127.0.0.1
dbname=mail
query=select 1 from virtual_domains where name='%s'

Save and exit.

select 1 will simply return 1 if the domain exists (like true or false).

Create the file for virtual mailboxes:

vi /etc/postfix/vm.cf (this creates a new file):

user=maria_admin
password=1234
hosts=127.0.0.1
dbname=mail
query=select 1 from virtual_users where email='%s'

Aliases:

vi /etc/postfix/va.cf (this creates a new file):

user=maria_admin
password=1234
hosts=127.0.0.1
dbname=mail
query=select destination from virtual_aliases where source='%s'

Now test files for errors:

[root@server1 postfix]# postmap -q bigfirm.info mysql:/etc/postfix/vd.cf
1

[root@server1 postfix]# postmap -q joker@bigfirm.info mysql:/etc/postfix/vm.cf
1

[root@server1 postfix]# postmap -q alias@bigfirm.info mysql:/etc/postfix/va.cf
joker@bigfirm.info
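To see how the three lookups work together, here is an added example (not from the original post) that rebuilds the post's tables and rows in an in-memory SQLite database with Python's standard library and runs the same three queries in the order Postfix chains them for a recipient. The password hash value is a constructed placeholder, and the alias handling is a simplification of Postfix's behaviour (only the first destination of an alias is followed).

```python
import sqlite3

# Constructed in-memory copy of the schema from the post (MySQL column types
# mapped to SQLite; the explicit ids match the post's INSERT statements).
SCHEMA = """
CREATE TABLE virtual_domains (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE virtual_users (id INTEGER PRIMARY KEY, domain_id INTEGER NOT NULL,
    password TEXT NOT NULL, email TEXT NOT NULL UNIQUE);
CREATE TABLE virtual_aliases (id INTEGER PRIMARY KEY, domain_id INTEGER NOT NULL,
    source TEXT NOT NULL, destination TEXT NOT NULL);
INSERT INTO virtual_domains VALUES (1, 'bigfirm.info');
-- '$6$PLACEHOLDER' stands in for the SHA512-CRYPT hash ENCRYPT() would produce
INSERT INTO virtual_users VALUES (1, 1, '$6$PLACEHOLDER', 'joker@bigfirm.info');
INSERT INTO virtual_aliases VALUES (1, 1, 'alias@bigfirm.info', 'joker@bigfirm.info');
"""

def open_mail_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

# The three queries from vd.cf, vm.cf and va.cf. Postfix substitutes the quoted
# lookup key for %s itself; here the key is passed as a bound parameter.
def lookup_domain(conn, domain):
    row = conn.execute("SELECT 1 FROM virtual_domains WHERE name = ?", (domain,)).fetchone()
    return row is not None

def lookup_mailbox(conn, email):
    row = conn.execute("SELECT 1 FROM virtual_users WHERE email = ?", (email,)).fetchone()
    return row is not None

def lookup_alias(conn, email):
    rows = conn.execute("SELECT destination FROM virtual_aliases WHERE source = ?", (email,))
    return [r[0] for r in rows]

def resolve(conn, recipient, max_hops=5):
    """Apply the lookups the way Postfix does for a recipient: the domain must be
    listed in virtual_mailbox_domains, virtual_alias_maps rewrites the address
    (repeatedly), and the final address must then exist in virtual_mailbox_maps.
    Returns ("maildir", path), ("relay", address) or ("reject", reason)."""
    addr = recipient.lower()
    _, sep, domain = addr.rpartition("@")
    if not sep or not lookup_domain(conn, domain):
        return ("reject", "not one of our virtual domains")
    for _ in range(max_hops):
        targets = lookup_alias(conn, addr)
        if not targets:
            break
        addr = targets[0].lower()
    else:
        return ("reject", "alias loop or chain too long")
    user, _, domain = addr.rpartition("@")
    if not lookup_domain(conn, domain):
        return ("relay", addr)      # alias points outside our domains: smtp transport
    if not lookup_mailbox(conn, addr):
        return ("reject", "user unknown in virtual mailbox table")
    # mail_location = maildir:/var/mail/vhosts/%d/%n/ from the post's 10-mail.conf
    return ("maildir", f"/var/mail/vhosts/{domain}/{user}/")
```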

Open the ports:

firewall-cmd --add-port=25/tcp --permanent
firewall-cmd --add-port=465/tcp --permanent
firewall-cmd --add-port=587/tcp --permanent
firewall-cmd --add-port=993/tcp --permanent
firewall-cmd --add-port=995/tcp --permanent
firewall-cmd --reload

Start the saslauthd, postfix, dovecot and mariadb services.

Check /var/log/maillog and /var/log/messages for errors. If SELinux prevents the Dovecot service from starting (sys_resources), create an SELinux policy module that allows Dovecot access to sys_resources:

yum install policycoreutils
yum install policycoreutils-python
yum install policycoreutils-devel
mkdir -p /root/local-policy-modules/epmail
cd /root/local-policy-modules/epmail
# filter the SELinux denials regarding dovecot; they are the input for our policy definition
grep "dovecot" /var/log/audit/audit.log > mail.log

Now create your policy module:

# translates the SELinux audit messages into a description of why access was denied and
# generates a module called mail from the AVC denials in mail.log, as a type enforcement file (mail.te)
audit2allow -m mail < mail.log > mail.te
# compiles the policy: enable MLS/MCS support (-M), generate a non-base policy module (-m)
# and write the binary policy module to mail.mod (-o) from mail.te
checkmodule -M -m -o mail.mod mail.te
# creates an SELinux policy module package (-o mail.pp) from the binary policy module (-m mail.mod)
semodule_package -o mail.pp -m mail.mod
# finally installs the module package (-i mail.pp) created in the previous step
semodule -i mail.pp

Review mail.te before installing it: audit2allow permits exactly what was denied, so make sure the file contains only the dovecot rules you expect.
Connectivity check:

[root@server1 postfix]# telnet server1.example.com 25
Trying 192.168.122.200...
Connected to server1.example.com.
Escape character is '^]'.
220 server1.example.com ESMTP Postfix
ehlo server1
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS                 # these three lines must be present
250-AUTH PLAIN LOGIN         #
250-AUTH=PLAIN LOGIN         #
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
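As an added example (not part of the original post), here is a small Python checker that parses an EHLO reply like the one captured above and verifies the three lines the author expects. It also flags a caveat visible in this capture: on port 25 AUTH is advertised before STARTTLS, so a client that does not insist on TLS could send its password in the clear (Postfix hides AUTH until TLS is negotiated when smtpd_tls_auth_only = yes is set). The sample reply is the capture embedded as a constant.

```python
import re

# Constructed sample: the EHLO reply captured in the post (port 25, before STARTTLS).
EHLO_REPLY = """\
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

def parse_ehlo(reply):
    """Turn a multi-line EHLO reply into {EXTENSION: parameter string}.
    '250-' marks continuation lines and '250 ' the final line; the first line is
    the server's greeting name and is returned under the key 'HOSTNAME'."""
    lines = reply.strip().splitlines()
    exts = {}
    for i, line in enumerate(lines):
        m = re.match(r"250([- ])(.*)", line)
        if not m:
            raise ValueError(f"unexpected EHLO line: {line!r}")
        if i == 0:
            exts["HOSTNAME"] = m.group(2).strip()
            continue
        keyword, _, params = m.group(2).partition(" ")
        # 'AUTH=PLAIN LOGIN' is the legacy form sent for broken_sasl_auth_clients=yes;
        # it carries the same mechanism list, so fold it into AUTH.
        if keyword.startswith("AUTH="):
            keyword, params = "AUTH", (keyword[5:] + " " + params).strip()
        exts[keyword.upper()] = params.strip()
        if m.group(1) == " " and i != len(lines) - 1:
            raise ValueError("data after the final EHLO line")
    return exts

def check_capabilities(exts, tls_active=False):
    """Return a list of findings: the post's three expected lines, plus a warning
    when AUTH is offered on a connection that is not yet protected by TLS."""
    findings = []
    if "STARTTLS" not in exts:
        findings.append("STARTTLS not offered")
    mechs = set(exts.get("AUTH", "").split())
    if not {"PLAIN", "LOGIN"} <= mechs:
        findings.append("AUTH PLAIN/LOGIN not offered")
    if mechs and not tls_active:
        findings.append("AUTH advertised on a cleartext connection")
    return findings
```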

[root@server1 postfix]# openssl s_client -connect server1.example.com:465
CONNECTED(00000003)
depth=0 C = SR, ST = ZEMOON, L = BELGRADE, O = company, OU = organization, CN = server1.example.com, emailAddress = admin@example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = SR, ST = ZEMOON, L = BELGRADE, O = company, OU = organization, CN = server1.example.com, emailAddress = admin@example.com
verify return:1

Certificate chain
0 s:/C=SR/ST=ZEMOON/L=BELGRADE/O=company/OU=organization/CN=server1.example.com/emailAddress=admin@example.com
i:/C=SR/ST=ZEMOON/L=BELGRADE/O=company/OU=organization/CN=server1.example.com/emailAddress=admin@example.com

Server certificate
subject=/C=SR/ST=ZEMOON/L=BELGRADE/O=company/OU=organization/CN=server1.example.com/emailAddress=admin@example.com
issuer=/C=SR/ST=ZEMOON/L=BELGRADE/O=company/OU=organization/CN=server1.example.com/emailAddress=admin@example.com

No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits

SSL handshake has read 1696 bytes and written 375 bytes

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: DF8E7A76E90800C47914B0DECC59530D980A4C0F61276C41D9B7F84784DA118D
Session-ID-ctx:
Master-Key: BDD1FE0DA2E732C60790A14D905853B09DEC0EF6C556089C0110A67983377A29C57BDDD77AE4A89F0C5FEBA67A8D2A36
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 3600 (seconds)
TLS session ticket:

Start Time: 1433801421
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)

220 server1.example.com ESMTP Postfix

[root@server1 postfix]# openssl s_client -connect server1.example.com:993
CONNECTED(00000003)
depth=0 C = SR, ST = ZEMOON, L = BELGRADE, O = company, OU = organization, CN = server1.example.com, emailAddress = admin@example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = SR, ST = ZEMOON, L = BELGRADE, O = company, OU = organization, CN = server1.example.com, emailAddress = admin@example.com
verify return:1

Certificate chain
0 s:/C=SR/ST=ZEMOON/L=BELGRADE/O=company/OU=organization/CN=server1.example.com/emailAddress=admin@example.com
i:/C=SR/ST=ZEMOON/L=BELGRADE/O=company/OU=organization/CN=server1.example.com/emailAddress=admin@example.com

Server certificate
subject=/C=SR/ST=ZEMOON/L=BELGRADE/O=company/OU=organization/CN=server1.example.com/emailAddress=admin@example.com
issuer=/C=SR/ST=ZEMOON/L=BELGRADE/O=company/OU=organization/CN=server1.example.com/emailAddress=admin@example.com

No client certificate CA names sent
Server Temp Key: ECDH, secp384r1, 384 bits

SSL handshake has read 1728 bytes and written 407 bytes

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 596C2B68AEFE32A3732E97EC0EB5105DD8CB899117B9B0EF7A072120ECDDC803
Session-ID-ctx:
Master-Key: 850763F854ADD129B7B8644F8CDBDCC4311E66F5E264A4F116AFC7ECF1F9177141D92E1CD9715357BDEB6DC1CED43E81
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:

Start Time: 1433801522
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

Looks good: the SSL certificate is bound to ports 465 and 993.

Now configure your mail client and test the mail flow. The incoming (993) and outgoing (465) servers are the same host; you'll need to import our self-signed certificate into the mail client.
