This page is out of date; it has been replaced by a newer version, which you can find here.
This is another optional feature; you don't have to do this configuration to get a working mail server. However, if you want a secure mail server where people can log in confident that their password can't be snooped from the network, this is an option you want to configure, just like the TLS option for Postfix. The SSL or TLS option for IMAP creates an encrypted connection between the mail client and the mail server so that the authentication phase is done securely.
First you need to set up a configuration file whose contents resemble the questions you were asked when generating an SSL certificate with the openssl command. It is located in the directory /usr/local/etc and is called imapd.cnf. Make it look like:
RANDFILE = /usr/local/share/imapd.rand
[ req ]
default_bits = 2048
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=Your Country
ST=State or Province
L=City
O=Courier Mail Server
OU=Automatically-generated IMAP SSL key
CN=yourdomainname.tld
emailAddress=postmaster@yourdomainname.tld
[ cert_type ]
nsCertType = server
You must change the common name (CN) to the fully qualified hostname assigned to the IP address Courier IMAP will be listening on, or you will receive a certificate mismatch error when connecting with an IMAP and SSL compatible mail client. The remaining fields, Country (C), State (ST), Location (L), Organization (O), Organizational Unit (OU), and emailAddress, are self-explanatory and need not be specific values.
When you are happy with the values you have chosen, go to the directory /usr/local/share and run mkimapdcert as root to generate a new certificate. Make sure you remove the existing imapd.pem first, or no new certificate will be created.
You will notice that the generated certificate will expire in one year. If you need more time, you can modify mkimapdcert directly, as it is just a shell script. You can increase the number of days to a value you find more reasonable.
Next is the configuration file of the Courier IMAP daemon. It is located in the directory /usr/local/etc and is called imapd-ssl. Note: this is not the normal IMAP configuration file imapd; the two files are different and are used by two different programs. Edit the imapd-ssl file so that the options look like the list below:
SSLPORT=993
SSLADDRESS=0
SSLPIDFILE=/var/run/imapd-ssl.pid
SSLLOGGEROPTS="-name=imapd-ssl"
IMAPDSSLSTART=NO
IMAPDSTARTTLS=YES
IMAP_TLS_REQUIRED=0
COURIERTLS=/usr/local/bin/couriertls
TLS_PROTOCOL=SSL3
TLS_STARTTLS_PROTOCOL=TLS1
TLS_CERTFILE=/usr/local/share/imapd.pem
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/usr/local/var/couriersslcache
TLS_CACHESIZE=524288
MAILDIRPATH=/usr/local/virtual
Now you're done with all configuration.
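With the settings listed above, a client can still authenticate in clear: IMAP_TLS_REQUIRED=0 leaves STARTTLS optional, and TLS_PROTOCOL=SSL3 selects SSLv3 for the SSL port. The shell script below is an added example, not part of the original page or of Courier; it audits an imapd-ssl file for these settings. The function names and the sample file are constructed for illustration, and it assumes that any protocol value beginning with SSL permits SSLv3.

```sh
#!/bin/sh
# Added example, not from the original page: audit a Courier imapd-ssl file.

# Print the last value assigned to KEY ($2) in FILE ($1), quotes removed.
get_opt() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed -e 's/^"//' -e 's/"$//'
}

# Print one "WEAK ..." line per finding in FILE ($1); print nothing if clean.
audit_imapd_ssl() {
    conf=$1
    # Assumption: protocol values starting with SSL allow SSLv2/SSLv3.
    for key in TLS_PROTOCOL TLS_STARTTLS_PROTOCOL; do
        val=$(get_opt "$conf" "$key")
        case $val in
            SSL*) echo "WEAK $key=$val: allows SSLv3, deprecated by RFC 7568" ;;
        esac
    done
    # Unless this is 1, LOGIN is accepted before STARTTLS on the plain port.
    if [ "$(get_opt "$conf" IMAP_TLS_REQUIRED)" != 1 ]; then
        echo "WEAK IMAP_TLS_REQUIRED is not 1: cleartext login still possible"
    fi
    # With both switched off, the server offers no TLS at all.
    if [ "$(get_opt "$conf" IMAPDSSLSTART)" != YES ] &&
       [ "$(get_opt "$conf" IMAPDSTARTTLS)" != YES ]; then
        echo "WEAK IMAPDSSLSTART and IMAPDSTARTTLS are both off: no TLS offered"
    fi
    return 0
}

# Constructed sample: the TLS-related settings listed on this page.
write_page_sample() {
    cat > "$1" <<'EOF'
IMAPDSSLSTART=NO
IMAPDSTARTTLS=YES
IMAP_TLS_REQUIRED=0
TLS_PROTOCOL=SSL3
TLS_STARTTLS_PROTOCOL=TLS1
EOF
}

sample=$(mktemp)
write_page_sample "$sample"
audit_imapd_ssl "$sample"
rm -f "$sample"
```

To check a live installation, call audit_imapd_ssl with the path of the imapd-ssl file instead of the sample.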