How to setup iPhone 3GS with Postfix + Dovecot + SSL
Post date: Dec 31, 2011 1:57:50 PM
Info
GOAL: To have a single document that outlines how to set up an iPhone with Postfix and Dovecot utilizing SSL.
NOTES: Many of the steps were taken from the links at bottom. This may work with other versions of iPhones, but since I have not tested them, I cannot confirm it will work.
REQUIREMENTS: iPhone 3GS, dovecot 1.2.11 and postfix 2.6.5 or later.
Specifications
Distribution: Debian Testing
Architecture: 64-bit
Outline
1. Set up Dovecot for retrieving e-mail.
2. Set up Postfix for sending e-mail.
HOW TO RETRIEVE E-MAIL TO IPHONE
1. Creating a private key
openssl genrsa -out ca.key 1024
2. Create a Certificate Signing Request (CSR) to request certificate from external certification
openssl req -new -key ca.key -out ca.csr
3. Create a self-signed certificate
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
4. This will create 3 files:
-rw-r--r-- 1 abc users 924 2010-03-18 05:51 ca.crt
-rw-r--r-- 1 abc users 729 2010-03-18 05:51 ca.csr
-rw-r--r-- 1 abc users 887 2010-03-18 05:49 ca.key
5. Copy the following files to the SSL directories that hold the certificate and the private key, respectively
sudo cp ca.crt /etc/ssl/certs/dovecot.pem
sudo cp ca.key /etc/ssl/private/dovecot.pem
6. Edit dovecot.conf and ensure protocols includes imaps
protocols = imap imaps
7. Ensure that the ssl_cert_file and ssl_key_file parameters point to the certificate and key copied in step 5
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
8. Additionally, make sure the client auth socket is included (copy/paste below)
# It's possible to export the authentication interface to other programs:
socket listen {
  master {
    # Master socket provides access to userdb information. It's typically
    # used to give Dovecot's local delivery agent access to userdb so it
    # can find mailbox locations.
    path = /var/run/dovecot/auth-master
    mode = 0600
    # Default user/group is the one who started dovecot-auth (root)
    #user =
    #group =
  }
  client {
    # The client socket is generally safe to export to everyone. Typical use
    # is to export it to your SMTP server so it can do SMTP AUTH lookups
    # using it.
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
  }
}
9. Make sure port 993/tcp (IMAPS) is allowed on the firewall
10. In the postfix main.cf configuration, add/modify the following parameters
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
11. Restart dovecot and postfix, then try and read your e-mail from your iPhone.
HOW TO SEND E-MAIL FROM IPHONE
1. Edit /etc/postfix/main.cf and ensure the SSL/TLS section looks like this:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_use_tls = yes
broken_sasl_auth_clients = yes
2. Also in /etc/postfix/main.cf, set up access for SASL-authenticated connections (the continuation lines must start with whitespace)
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
3. In /etc/postfix/master.cf, ensure the following lines are in place:
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
tlsmgr unix - - - 1000? 1 tlsmgr
4. Restart postfix, try to send an e-mail from iPhone using SSL!
Ran test (it worked)!
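Added example (not part of the original guide): a Python check that the Postfix and Dovecot settings above agree with each other. It verifies that smtpd_sasl_path, taken relative to the Postfix queue directory (assumed to be Debian's default /var/spool/postfix), resolves to Dovecot's client socket, that both daemons reference the same certificate and key files as this guide does, and that no main.cf continuation line has lost its indentation. The function names and sample strings are constructed for illustration.

```python
TLS_PAIRS = (("smtpd_tls_cert_file", "ssl_cert_file"), ("smtpd_tls_key_file", "ssl_key_file"))

def parse_main_cf(text):
    params, stray, name = {}, [], None
    lines = [ln for ln in text.splitlines() if ln.strip() and not ln.lstrip().startswith("#")]
    for line in lines:
        if line[0].isspace() and name:  # indented line continues the previous value
            params[name] = (params[name] + " " + line.strip()).strip()
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = value
        else:  # e.g. a continuation line that lost its indent
            stray.append(line.strip())
    return params, stray

def parse_dovecot(text):  # Dovecot 1.x: keys are prefixed with enclosing block names
    out, stack = {}, []
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            out["/".join(stack + [key])] = value
    return out

def check(main_cf, dovecot_conf, queue_dir="/var/spool/postfix"):  # assumed Debian default
    (pf, stray), dc = parse_main_cf(main_cf), parse_dovecot(dovecot_conf)
    problems = [f"main.cf: stray line {s!r}" for s in stray]
    sock = f"{queue_dir}/{pf.get('smtpd_sasl_path', '')}"  # path is relative to queue dir
    clients = [v for k, v in dc.items() if k.endswith("client/path")]
    if pf.get("smtpd_sasl_type") != "dovecot" or sock not in clients:
        problems.append(f"SASL: no Dovecot client socket at {sock}")
    return problems + [f"TLS: {p} != {d}" for p, d in TLS_PAIRS if pf.get(p) != dc.get(d)]

MAIN_CF = """smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination"""  # constructed sample
DOVECOT_CONF = """ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
socket listen {
  client {
    path = /var/spool/postfix/private/auth
  }
}"""  # constructed sample
```

check(MAIN_CF, DOVECOT_CONF) returns an empty list for the samples; to lint a real host, pass the contents of /etc/postfix/main.cf and dovecot.conf instead.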
LINKS:
[1] http://blog.taragana.com/index.php/archive/openssl-how-to-create-self-signed-certificate/
[3] http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html
[4] http://www.thehypervisor.com/2008/07/howto-ubuntu-virtual-mail-host-part-2/