Enabling SSL Sessions with the IMAP Mail Daemon

Support knowledgebase (imap_ssl)
Applies to

SuSE Linux: Versions since 8.2

Situation

You want the IMAP mail daemon (package imap) to enable SSL sessions.

Background

As of SuSE Linux 8.2, the IMAP mail daemon no longer allows plain text passwords for unencrypted sessions. Plain text passwords are only allowed in SSL-encrypted sessions.

Procedure

If you use SuSE Linux 8.2, update the package imap to the latest version available, for example, with YaST Online Update (YOU).

1. Issuing a SSL Certificate

Certificates are stored in /etc/ssl/certs. For this reason, change to this directory first: 
cd /etc/ssl/certs
Now proceed to issue the actual certificate. If your system is reachable at one IP or one host name only, execute the following command: 
openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem -days 365
You will be requested to enter your Country Name (two-letter code), State or Province Name (full name), Locality Name (e.g., city), Organization Name (e.g., company), Organizational Unit Name (e.g., department), Common Name (your host name), and e-mail address.

The "Common Name", which contains your system's full DNS name or IP, is particularly important.

If your host is reachable at several DNS names or IPs, a separate certificate can be issued for each one of them: 

   openssl req -new -x509 -nodes -out imapd-your.domain.com.pem -keyout \
   imapd-your.domain.com.pem -days 365
or 
   openssl req -new -x509 -nodes -out imapd-x.x.x.x.pem -keyout \
   imapd-x.x.x.x.pem -days 365

2.1 xinetd Configuration:

Open the file /etc/xinetd.d/imap with an editor of your choice. 
    $EDITOR /etc/xinetd.d/imap
Append the section "imaps" if missing. 
    service imaps
    {
        disable         = no
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/imapd
        flags           = IPv4  
    }
Save the changes and restart xinetd with the command rcxinetd restart.

2.2 inetd Configuration:

If you still deploy inetd, open the file /etc/inetd.conf with an editor of your choice. 
    $EDITOR /etc/inetd.conf
Disable all the lines starting with imap or imaps by furnishing them with a comment sign (#). Then append the following line: 
    imaps  stream  tcp     nowait  root    /usr/sbin/imapd imapd
Now restart inetd with rcinetd restart and you will be able to set up SSL-encrypted IMAP sessions to your host.

We would like to thank the author of this article, Christoph Thiel.

Keywords: IMAPD, OPENSSL, CERTIFICATE, EMAIL
Categories: Email
SDB-imap_ssl, Copyright SuSE Linux AG, Nürnberg, Germany - Version: 20. May 2003
SuSE Linux AG - Last generated: 26. Jun 2003 by ip (sdb_gen 1.40.0)