How to setup iPhone 3GS with Postfix + Dovecot + SSL

Post date: Dec 31, 2011 1:57:50 PM

How to setup iPhone 3GS/Postfix/Dovecot/SSL

Info

GOAL: To have a single document that outlines how to set up an iPhone with Postfix and Dovecot utilizing SSL.

NOTES: Many of the steps were taken from the links at bottom. This may work with other versions of iPhones, but since I have not tested them, I cannot confirm it will work.

REQUIREMENTS: iPhone 3GS, dovecot 1.2.11 and postfix 2.6.5 or later.

Specifications

Distribution: Debian Testing

Architecture: 64-bit

Outline

1. Setup dovecot for retrieval e-mail.

2. Setup postfix for sending e-mail.

HOW TO RETRIEVE E-MAIL TO IPHONE

1. Creating a private key

openssl genrsa -out ca.key 1024

2. Create a Certificate Signing Request (CSR) to request certificate from external certification

openssl req -new -key ca.key -out ca.csr

3. How to create self-signed certificate

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

4. This will create 3 files:

-rw-r--r-- 1 abc users 924 2010-03-18 05:51 ca.crt

-rw-r--r-- 1 abc users 729 2010-03-18 05:51 ca.csr

-rw-r--r-- 1 abc users 887 2010-03-18 05:49 ca.key

5. Copy these following files to the SSL directory containing the cert/private keys respectively

sudo cp ca.crt /etc/ssl/certs/dovecot.pem

sudo cp ca.key /etc/ssl/private/dovecot.pem

7. Edit dovecot.conf and ensure protocols includes imaps

protocols = imap imaps

8. Ensure that the ssl_cert_file and ssl_key_file parameters are pointing to the right SSL certs created earlier

ssl_cert_file = /etc/dovecot/certs/dovecot.pem

ssl_key_file = /etc/dovecot/private/dovecot.pem

9. Additionally, make sure the client auth is in included (copy/paste below)

# It's possible to export the authentication interface to other programs:

socket listen {

master {

# Master socket provides access to userdb information. It's typically

# used to give Dovecot's local delivery agent access to userdb so it

# can find mailbox locations.

path = /var/run/dovecot/auth-master

mode = 0600

# Default user/group is the one who started dovecot-auth (root)

#user =

#group =

}

client {

# The client socket is generally safe to export to everyone. Typical use

# is to export it to your SMTP server so it can do SMTP AUTH lookups

# using it.

path = /var/spool/postfix/private/auth

mode = 0660

user = postfix

group = postfix

}

9. Make sure port 993/tcp (IMAPS) is allowed on the firewall

10. In the postfix main.cf configuration, add/modify the following parameters

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

11. Restart dovecot and postfix, then try and read your e-mail from your iPhone.

HOW TO SEND E-MAIL FROM IPHONE

1. Edit /etc/postfix/main.cf, ensure the SSL/TLS sections looks like this:

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = $mydomain

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem

smtpd_tls_key_file = /etc/ssl/private/dovecot.pem

smtpd_tls_loglevel = 1

smtpd_tls_received_header = yes

smtpd_use_tls = yes

broken_sasl_auth_clients = yes

2. Also in /etc/postfix/main.cf, setup access for SASL authenticated connections

smtpd_recipient_restrictions =

permit_mynetworks,

permit_sasl_authenticated,

reject_unauth_destination

3. In /etc/postfix/master.cf, ensure the following lines are in place:

smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

tlsmgr unix - - - 1000? 1 tlsmgr

4. Restart postfix, try to send an e-mail from iPhone using SSL!

Ran test (it worked)!

LINKS:

[1] http://blog.taragana.com/index.php/archive/openssl-how-to-create-self-signed-certificate/

[2] http://blog.taragana.com/index.php/archive/dovecot-how-to-enable-secure-ssl-imap-pop3-with-free-self-signed-certificate/

[3] http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html

[4] http://www.thehypervisor.com/2008/07/howto-ubuntu-virtual-mail-host-part-2/