Hi, I use dovecot (pop) with gentoo but it's not securize. I would like to use pops but i don't how to do this. I think i have to use certificates... This my dovecot.conf : protocols = imap imaps pop3 pop3s imap_listen = * pop3_listen = * imaps_listen = * pop3s_listen = * ssl_disable = no login = imap login = pop3 default_mail_env = maildir:%h/.maildir mbox_locks = fcntl dotlock auth = default auth_mechanisms = plain auth_userdb = passwd auth_passdb = pam dovecot auth_user = root auth_verbose = yes auth_debug = yes Thanks for your help
On Friday 27 Jan 2006 14:25, mickael.choisnard@free.fr wrote:> Hi, > I use dovecot (pop) with gentoo but it's not securize.Debian Sarge has these options in the default conf file. Should get you started. # Disable SSL/TLS support. #ssl_disable = no # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but # root. #ssl_cert_file = /etc/ssl/certs/dovecot.pem #ssl_key_file = /etc/ssl/private/dovecot.pem # SSL parameter file. Master process generates this file for login processes. # It contains Diffie Hellman and RSA parameters. #ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat # How often to regenerate the SSL parameters file. Generation is quite CPU # intensive operation. The value is in hours, 0 disables regeneration # entirely. #ssl_parameters_regenerate = 24
Hi, I activate ssl in dovecot.conf and i open 995 in my firewall. But when i launch Eudora, i have an error : Server does not support SSL In Eudora, i choose "Required STARTTLS". Where do I have to declare my ssl certificate ? If you don't like Eudora, you can explain me with evolution. # Disable SSL/TLS support. ssl_disable = no # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf ssl_cert_file = /etc/ssl/certs/dovecot.pem ssl_key_file = /etc/ssl/private/dovecot.pem # SSL parameter file. Master process generates this file for login processes. # It contains Diffie Hellman and RSA parameters. ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat # How often to regenerate the SSL parameters file. Generation is quite CPU # intensive operation. The value is in hours, 0 disables regeneration # entirely. ssl_parameters_regenerate = 24 # Disable LOGIN command and all other plaintext authentications unless # SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and # IPv6 ::1 addresses are considered secure, this setting has no effect if # you connect from those addresses. disable_plaintext_auth = yes