
How to setup iPhone 3GS with Postfix + Dovecot + SSL

posted Dec 31, 2011, 5:57 AM by Unknown user

GOAL: To have a single document that outlines how to set up an iPhone with Postfix and Dovecot utilizing SSL.
NOTES: Many of the steps were taken from the links at bottom.  This may work with other versions of iPhones, but since I have not tested them, I cannot confirm it will work.
REQUIREMENTS: iPhone 3GS, dovecot 1.2.11 and postfix 2.6.5 or later.

Distribution: Debian Testing
Architecture: 64-bit

1. Set up dovecot for retrieving e-mail.
2. Set up postfix for sending e-mail.


1. Create a private key (1024-bit RSA, as used here, is no longer considered adequate; use 2048 bits or more for a new key)
openssl genrsa -out ca.key 1024

2. Create a Certificate Signing Request (CSR) to request certificate from external certification
openssl req -new -key ca.key -out ca.csr

3. Create a self-signed certificate
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

4. This will create 3 files:
-rw-r--r-- 1 abc users 924 2010-03-18 05:51 ca.crt
-rw-r--r-- 1 abc users 729 2010-03-18 05:51 ca.csr
-rw-r--r-- 1 abc users 887 2010-03-18 05:49 ca.key

5. Copy the following files to the SSL directories containing the certificates and private keys, respectively
sudo cp ca.crt /etc/ssl/certs/dovecot.pem
sudo cp ca.key /etc/ssl/private/dovecot.pem

7. Edit dovecot.conf and ensure protocols includes imaps
protocols = imap imaps

8. Ensure that the ssl_cert_file and ssl_key_file parameters point to the certificate and key copied in step 5
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem

9. Additionally, make sure the client auth socket is included (copy/paste below)

  # It's possible to export the authentication interface to other programs:
  socket listen {
    master {
      # Master socket provides access to userdb information. It's typically
      # used to give Dovecot's local delivery agent access to userdb so it
      # can find mailbox locations.
      path = /var/run/dovecot/auth-master
      mode = 0600
      # Default user/group is the one who started dovecot-auth (root)
      #user =
      #group =
    }
    client {
      # The client socket is generally safe to export to everyone. Typical use
      # is to export it to your SMTP server so it can do SMTP AUTH lookups
      # using it.
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }

10. Make sure port 993/tcp (IMAPS) is allowed on the firewall

11. In the postfix main.cf configuration, add/modify the following parameters
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

12. Restart dovecot and postfix, then try to read your e-mail from your iPhone.


1. Edit /etc/postfix/main.cf and ensure the SSL/TLS section looks like this:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_use_tls = yes
broken_sasl_auth_clients = yes

2. Also in /etc/postfix/main.cf, set up access for SASL authenticated connections
smtpd_recipient_restrictions =

3. In /etc/postfix/master.cf, ensure the following lines are in place:
smtps   inet  n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
tlsmgr    unix  -       -       -       1000?   1       tlsmgr

4. Restart postfix, try to send an e-mail from iPhone using SSL!
Ran test (it worked)!
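
A check to run before restarting either service, as an added example that is not part of the original post: it reads the certificate and key paths from dovecot.conf and main.cf, confirms the files exist where step 5 copied them, and flags a world-readable private key (a plain cp of the rw-r--r-- ca.key keeps it readable by everyone). The function names are hypothetical, and it assumes simple single-line "key = value" settings as shown in this guide.

```shell
#!/bin/sh
# Added example: verify the TLS file paths used by Dovecot 1.x and Postfix.
# Assumes one "key = value" per line, as in the snippets in this guide.

# conf_value FILE KEY -> print the value of the last uncommented KEY line
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_pair LABEL CERT KEY -> print each problem, return the problem count
check_pair() {
    problems=0
    for f in "$2" "$3"; do
        if [ -z "$f" ] || [ ! -f "$f" ]; then
            echo "$1: missing file: ${f:-<unset>}"
            problems=$((problems + 1))
        fi
    done
    # find prints the path only when the "other" read bit is set
    if [ -f "$3" ] && [ -n "$(find "$3" -prune -perm -004)" ]; then
        echo "$1: private key is world-readable: $3"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# check_mail_tls DOVECOT_CONF POSTFIX_MAIN_CF -> 0 only if both services pass
check_mail_tls() {
    rc=0
    check_pair dovecot "$(conf_value "$1" ssl_cert_file)" \
                       "$(conf_value "$1" ssl_key_file)" || rc=1
    check_pair postfix "$(conf_value "$2" smtpd_tls_cert_file)" \
                       "$(conf_value "$2" smtpd_tls_key_file)" || rc=1
    return "$rc"
}

# Usage on the server (paths as on Debian):
#   check_mail_tls /etc/dovecot/dovecot.conf /etc/postfix/main.cf
```

If the key is reported as world-readable, `chmod 600` on the key file (owned by root) clears the finding.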