To use SSL and TLS with the Postfix mail daemon, change the following settings in the /etc/postfix/main.cf configuration file:
# tls config
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/demoCA/cacert.pem
smtpd_tls_cert_file = /etc/postfix/ssl/server-crt.pem
smtpd_tls_key_file = /etc/postfix/ssl/server-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
tls_random_prng_update_period = 3600s
You also need an SSL certificate for your mail server. Create it with the following commands:
# Create new local certification authority (if not already present)
# Create RSA certificate
openssl req -new -nodes -keyout server-key.pem -out server-req.pem -days 365
openssl ca -out server-crt.pem -infiles server-req.pem
chmod 644 server-crt.pem demoCA/cacert.pem
chmod 400 server-key.pem
Now remove the comment mark "#" from the lines for SMTPS and the TLS manager in the /etc/postfix/master.cf configuration file:
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
tlsmgr unix - - n 1000? 1 tlsmgr
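The following check is an added example, not part of the original page: it reads a main.cf like the one above and reports a missing certificate or key file, a private key that is readable by group or others (the reason for the chmod 400 step), and a configuration that does not offer STARTTLS. The function names are made up for this illustration and are not Postfix tools.

```shell
#!/bin/sh
# Added example: audit the TLS file settings of a Postfix main.cf.
# cf_get, key_is_private and audit_tls_files are illustrative names,
# not Postfix tools.

# Print the value of parameter $2 in main.cf $1. The last assignment wins,
# as in Postfix. Continuation lines are not handled here.
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Succeed only if file $1 grants nothing to group or others (e.g. mode 400).
key_is_private() {
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print one finding per line; succeed only if there are none.
audit_tls_files() {
    cf=$1
    findings=0
    key=$(cf_get "$cf" smtpd_tls_key_file)
    crt=$(cf_get "$cf" smtpd_tls_cert_file)
    for f in "$key" "$crt"; do
        if [ -z "$f" ] || [ ! -f "$f" ]; then
            echo "MISSING: ${f:-(parameter not set)}"
            findings=$((findings + 1))
        fi
    done
    if [ -n "$key" ] && [ -f "$key" ] && ! key_is_private "$key"; then
        echo "KEY READABLE BY GROUP OR OTHERS: $key"
        findings=$((findings + 1))
    fi
    # Newer Postfix releases express the same setting as
    # smtpd_tls_security_level = may (or encrypt); accept either form.
    lvl=$(cf_get "$cf" smtpd_tls_security_level)
    if [ "$(cf_get "$cf" smtpd_use_tls)" != yes ] &&
        [ "$lvl" != may ] && [ "$lvl" != encrypt ]; then
        echo "STARTTLS NOT OFFERED: smtpd_use_tls is not yes"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}
```

Run it as audit_tls_files /etc/postfix/main.cf; it prints nothing and returns success when the files exist, the key is private and TLS is enabled.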
First you must install the UW-Imap daemon with yast. UW-Imap uses the standard mail folder structure from Linux, so no additional configuration is needed.
Create SSL certificates
The certificates are stored in folder /etc/ssl/certs. Change to this directory:
Now create the certificates for your system with the following command:
openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem -days 365
You are asked about country name (2 letter code), state or province Name (full name), locality name (eg, city), organization name (eg, company), organizational unit name (eg, section), common name (eg, your name) and email address.
For «common name» you must enter the full DNS name or IP address of your system! If your system has more than one DNS name or IP address, you must generate a separate certificate for each DNS name or IP address.
Configuration of xinetd
Open the file /etc/xinetd.d/imap with an editor of your choice.
Add the section imaps if it doesn't already exist:
service imaps
{
    disable = no
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    server = /usr/sbin/imapd
    flags = IPv4
}
Save the changes and restart xinetd with the command
You need a Linux installation image, e.g. SUSE-Linux-10.1-Remastered-i386-mini.iso. You can download this from an openSUSE mirror server.
The package syslinux must be installed to make a bootable USB stick. If it is not installed yet, install it now.
Assuming your USB stick is accessible under the device name /dev/sda1, you can use the following commands to write the image to the stick and make it bootable. Verify the device name first, because on many systems /dev/sda1 is a hard disk partition:
mount -o loop SUSE-Linux-10.1-Remastered-i386-mini.iso /mnt
/mnt/boot/i386/mkbootdisk --32 --partition /dev/sda1 /mnt