
Setting up Postfix/Courier with a GoDaddy SSL certificate

In order to have TLS support for Postfix you need to set up several files.

First of all, you create a private key and a certificate signing request (CSR), and get the request signed by GoDaddy. They have instructions for that purpose. At this time, it looks something like this:

openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

The names "domain.key" and "domain.csr" should match your domain name. If you are signing a specific sub-domain, you may want to include that sub-domain in the filename (e.g. mail.domain.key).

When GoDaddy gets back to you, they give you a zip file with two files:

gd_bundle.crt
domain.com.crt

The Postfix installation requires a few settings to get things to work on that end. Something like this should work on Ubuntu. You may want to read the documentation about each one of these options before using them.

smtp_tls_loglevel = 0
smtpd_use_tls = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.org.pem
smtpd_tls_cert_file = /etc/postfix/tls/server.pem
smtpd_tls_key_file = /etc/postfix/tls/key.pem
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

The key.pem file is your private key (the domain.key file created above). The private key starts with the line:

-----BEGIN RSA PRIVATE KEY-----

The server.pem file is a concatenation of your signed certificate and the GoDaddy bundle, in that order. This means:

cat domain.com.crt gd_bundle.crt >server.pem

The .crt file is a certificate (your signed public key), so it starts with:

-----BEGIN CERTIFICATE-----

The bundle helps the Postfix system find all the necessary certificates.

Once you have that done, you can create the necessary .pem files for Courier. We only use IMAP3 and POP3, but I would imagine that the SMTP file is the same. Those files include the private key and all the certificates, all in one.

cat domain.key domain.com.crt gd_bundle.crt >imapd.pem
cp imapd.pem pop3d.pem

Of course, you will have to restart postfix and courier accordingly.

service postfix restart
service courier-imap-ssl restart
service courier-pop-ssl restart

Now it should work. Good luck, you'll probably need it.
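
Before restarting the services, it is worth checking the files you just assembled. The script below is an added example, not part of the original write-up: it checks that the private key belongs to the first certificate in a file (which catches a bundle concatenated in the wrong order), that server.pem carries no private key, and that files holding the key are readable by their owner only (an added check the article does not mention). The function names, ca.key, wrong.pem and mail.example.com are assumptions, and a throwaway CA stands in for GoDaddy so the demo runs offline.

```shell
#!/bin/sh
# Added example (not from the original article): sanity checks for the
# PEM files built with the cat commands above.

# True when the private key in $1 belongs to the FIRST certificate in $2.
# Fails if the bundle was concatenated ahead of the domain certificate.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when $1 holds certificates only (expected for server.pem).
no_private_key() { ! grep -q 'PRIVATE KEY-----' "$1"; }

# True when only the owner can access $1 (key.pem, imapd.pem, pop3d.pem).
owner_only() {
    case $(ls -ld "$1") in -r?-------*) return 0 ;; *) return 1 ;; esac
}

# Build constructed stand-ins for domain.key, domain.com.crt and
# gd_bundle.crt in directory $1 (a throwaway CA plays GoDaddy), then
# assemble them the way the article does, plus one wrong-order file.
make_demo() (
    cd "$1" || exit 1
    umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout ca.key -out gd_bundle.crt 2>/dev/null || exit 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.example.com" \
        -keyout domain.key -out domain.csr 2>/dev/null || exit 1
    openssl x509 -req -in domain.csr -CA gd_bundle.crt -CAkey ca.key \
        -CAcreateserial -days 1 -out domain.com.crt 2>/dev/null || exit 1
    cat domain.com.crt gd_bundle.crt >server.pem
    cat gd_bundle.crt domain.com.crt >wrong.pem
    cat domain.key domain.com.crt gd_bundle.crt >imapd.pem
)

report() { if "$@"; then echo "ok:   $*"; else echo "FAIL: $*"; fi; }

d=$(mktemp -d) && make_demo "$d" || exit 1
report key_matches_cert "$d/domain.key" "$d/server.pem"
report key_matches_cert "$d/imapd.pem" "$d/imapd.pem"
report no_private_key "$d/server.pem"
report owner_only "$d/imapd.pem"
report key_matches_cert "$d/domain.key" "$d/wrong.pem"   # FAIL expected
rm -rf "$d"
```

On a real server, call the same functions on /etc/postfix/tls/key.pem, /etc/postfix/tls/server.pem and the Courier imapd.pem and pop3d.pem files instead of the constructed ones.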

Re: Setting up Postfix/Courier with a GoDaddy SSL certificate

Thank you for the write up. Great start but there are inconsistencies in the file names that you are using. Making perfect sense is a bit confusing to follow exactly.
