This repository has been archived by the owner on Aug 12, 2020. It is now read-only.

Secure Mail Server

Ruben Seyferth edited this page Jul 7, 2017 · 9 revisions

Dovecot

Create a new config file /etc/dovecot/conf.d/10-ssl.conf with the following content:

ssl = yes
ssl_cert = </usr/local/psa/var/modules/letsencrypt/etc/live/example.org/fullchain.pem
ssl_key = </usr/local/psa/var/modules/letsencrypt/etc/live/example.org/privkey.pem

Replace example.org with your domain name.

Restart the service: service dovecot restart

Postfix

Open the config file /etc/postfix/main.cf and append these lines:

smtpd_tls_cert_file = /usr/local/psa/var/modules/letsencrypt/etc/live/example.org/fullchain.pem
smtpd_tls_key_file = /usr/local/psa/var/modules/letsencrypt/etc/live/example.org/privkey.pem
smtpd_tls_CAfile = /usr/local/psa/var/modules/letsencrypt/etc/live/example.org/chain.pem

smtp_tls_cert_file = /usr/local/psa/var/modules/letsencrypt/etc/live/example.org/fullchain.pem
smtp_tls_key_file = /usr/local/psa/var/modules/letsencrypt/etc/live/example.org/privkey.pem
smtp_tls_CAfile = /usr/local/psa/var/modules/letsencrypt/etc/live/example.org/chain.pem
smtp_use_tls = yes

Make sure to comment out the original lines. By default, Postfix does not have the smtp_tls lines in its config file, but they are important to keep your emails from being flagged.

#smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
#smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_cert_file = /usr/local/psa/var/modules/letsencrypt/etc/live/example.org/fullchain.pem
smtpd_tls_key_file = /usr/local/psa/var/modules/letsencrypt/etc/live/example.org/privkey.pem
smtpd_tls_CAfile = /usr/local/psa/var/modules/letsencrypt/etc/live/example.org/chain.pem

smtp_tls_cert_file = /usr/local/psa/var/modules/letsencrypt/etc/live/example.org/fullchain.pem
smtp_tls_key_file = /usr/local/psa/var/modules/letsencrypt/etc/live/example.org/privkey.pem
smtp_tls_CAfile = /usr/local/psa/var/modules/letsencrypt/etc/live/example.org/chain.pem
smtp_use_tls = yes

Replace example.org with your domain name.

Restart the service: service postfix restart

Courier

Courier saves its certificates in /usr/share/imapd.pem and /usr/share/pop3d.pem. Since it needs to have the private key and the certificate chain in one file (and Let's Encrypt doesn't provide such a file by default), the easiest solution is to create a cronjob (scheduled task) in Plesk and trigger it some time after the Let's Encrypt plugin has triggered the certificate renewal.

cat /usr/local/psa/var/modules/letsencrypt/etc/live/example.org/privkey.pem /usr/local/psa/var/modules/letsencrypt/etc/live/example.org/fullchain.pem > /usr/share/imapd.pem && cp /usr/share/imapd.pem /usr/share/pop3d.pem && /etc/init.d/courier-imaps restart && /etc/init.d/courier-pop3s restart

This puts the key and the certificate chain in imapd.pem, copies imapd.pem to pop3d.pem and restarts both the secure IMAP and the secure POP3 services.

example.org should be replaced with your domain name.
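
A more defensive version of the scheduled task above, as an added example that is not part of the original wiki: it validates both inputs, writes each combined file with mode 600 through an atomic rename, and restarts Courier only when a file changed. The function name, its return codes and the --run switch are assumptions of this example, as is Courier being able to read a root-owned mode 600 file on your system.

```shell
#!/bin/sh
# Added example, not from the original wiki. LIVE uses the page's path;
# replace example.org with your domain.
LIVE=/usr/local/psa/var/modules/letsencrypt/etc/live/example.org

# build_combined_pem KEY CHAIN OUT   (hypothetical helper name)
# Writes KEY followed by CHAIN to OUT with mode 600, replacing OUT atomically.
# Returns 0 if OUT was updated, 1 if it was already current, 2 on bad input.
build_combined_pem() {
    key=$1 chain=$2 out=$3
    # Refuse missing, empty or swapped inputs so a failed renewal never
    # replaces the certificate Courier is currently serving.
    grep -q -e '-----BEGIN.*PRIVATE KEY-----' "$key" 2>/dev/null || return 2
    grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" 2>/dev/null || return 2
    # mktemp creates the file with mode 600, so the key is never world-readable.
    tmp=$(mktemp "$out.XXXXXX") || return 2
    if ! cat "$key" "$chain" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"
        chmod 600 "$out"
        return 1
    fi
    mv -f "$tmp" "$out"   # rename inside one directory is atomic
}

# Invoke as "<script> --run" from the Plesk scheduled task (as root).
if [ "${1:-}" = "--run" ]; then
    changed=no
    for target in /usr/share/imapd.pem /usr/share/pop3d.pem; do
        rc=0
        build_combined_pem "$LIVE/privkey.pem" "$LIVE/fullchain.pem" "$target" || rc=$?
        case $rc in
            0) changed=yes ;;
            2) echo "cannot build $target, keeping the old file" >&2; exit 1 ;;
        esac
    done
    # Restart only when a file actually changed.
    if [ "$changed" = yes ]; then
        /etc/init.d/courier-imaps restart && /etc/init.d/courier-pop3s restart
    fi
fi
```

Without --run the script only defines the function, so it can be sourced and tried against copies of the files before it is scheduled.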
