CDOT Wiki β

OPS335 Lab 4d

225 bytes added, 11:16, 15 March 2016
'''Perform the following steps:'''
#Let's start with the "sending" SMTP server we have on VM2. Run the following, replacing <u>andrewsmith.org</u> with '''<u>your own</u> domain name''':
<source lang="bash">cd /root/postfix-keys
:'''NOTE:''' Those commands will create a certificate, a certificate signing request, and a certificate authority, and will sign your certificate with your certificate authority. This is the same as in the real world, except that there you would contact a real CA; here you're making up your own.
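The four artifacts the note lists (certificate authority, server key, signing request, CA-signed certificate), as an added shell example that is not the lab's own command sequence; the function names, file names, the <code>vm2.</code> host prefix and the key parameters are assumptions. It also shows that a certificate only validates for a client that holds the CA certificate which signed it.

```shell
#!/bin/sh
# Added example: throwaway CA plus a CA-signed server certificate.
# All names and parameters below are constructed, not taken from the lab.

make_lab_certs() {   # usage: make_lab_certs <domain> <output-dir>
    domain="$1"; dir="$2"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # keep private keys unreadable by other users
        # 1. Certificate authority: private key and self-signed root.
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=Lab CA for $domain" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # 2. Server private key and certificate signing request (CSR).
        openssl req -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=vm2.$domain" \
            -keyout server.key -out server.csr 2>/dev/null || exit 1
        # 3. The CA signs the CSR; the SAN carries the name clients check.
        printf 'subjectAltName=DNS:vm2.%s\n' "$domain" > san.ext
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -sha256 -days 365 -extfile san.ext \
            -out server.crt 2>/dev/null || exit 1
    )
}

# Succeeds only if <cert> chains to the CA certificate in <ca-file>.
cert_trusted_by() {  # usage: cert_trusted_by <ca-file> <cert>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo in a scratch directory when invoked as: sh script.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_lab_certs example.org "$d" &&
        cert_trusted_by "$d/ca.crt" "$d/server.crt" &&
        echo "server.crt chains to ca.crt in $d"
fi
```

Only <code>server.key</code> and <code>server.crt</code> belong on the mail server; <code>ca.key</code> should stay off it, since anyone holding it can mint certificates your clients will trust.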
<ol><li value="2">Now, configure Postfix to use the generated certificate, by adding the following to your '''main.cf''' file:</li></ol>
<pre># Settings to enable secure SMTP using my self-signed certificate:
=== Setting Up and Testing Encryption with Thunderbird ===
'''Perform the following steps:'''
#Currently your Thunderbird is set up to use '''vm2.yoursenecaid.org''' for an SMTP server, with <u>no</u> security. Change that to use '''STARTTLS''' instead (you can change it under account settings --> Outgoing Server). We haven't set up any user authentication, just an encrypted channel; therefore, leave the '''authentication method''' at the value: '''none'''.
#Thunderbird will warn you about the self-signed certificate. You obviously know it's your certificate so you can tell Thunderbird to trust it:
[[Image:SMTP-certificate-warning.png]]
:'''NOTE:''' Your message may look slightly different (the author who created the diagram above made a little mistake when generating the certificate).
<ol><li value="3">After you confirm that security exception, send another email to yourself and make sure you receive it.</li><li>Notice that from the user's point of view nothing is different. But if you were an evildoer trying to steal an identity, the difference is huge: before it was trivial, and now it's computationally prohibitive.</li></ol>
=== Encrypting Dovecot with Secure Sockets Layer (SSL) ===