Setup guide
4.7.2 Configure SSL Support
If any e-mail services are required, their communications should be protected by
SSL. Enabling SSL for incoming (IMAP and POP) and outgoing (SMTP) mail service
will encrypt communications between the mail server and its clients, protecting
clients from eavesdroppers on the local network.
4.7.2.1 Install Mail Server Certificates
If you’re running an outgoing mail service and have decided to act as your own CA as
described in “Enabling Secure Sockets Layer,” copy the mailserver.pem file to the
/etc/postfix/ directory and change its name to server.pem. If you’ve
purchased a certificate from a commercial CA, follow their instructions to ensure
that the correct information ends up in /etc/postfix/server.pem.
If you’re running an incoming mail service and have decided to act as your own CA
as described in “Enabling Secure Sockets Layer,” copy the mailserver.pem file to
the /var/imap directory and change its name to server.pem. If you’ve purchased
a certificate from a commercial CA, follow their instructions to ensure that the
correct information ends up in /var/imap/server.pem. The ownership of the
server.pem file must also be changed so that the IMAP and POP server can read it:
chown cyrus /var/imap/server.pem
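The shell function below is an added example, not part of the original guide. It checks an installed server.pem for a certificate block, a private key block, and the expected owner. The function name, the PEM marker checks, and the rule that group and other get no access to the file are assumptions added here; the guide itself specifies only the paths and the cyrus owner.

```shell
#!/bin/sh
# Added example (not from the guide): verify a mail server PEM file.
# Usage: check_mail_pem FILE EXPECTED_OWNER
#   e.g. check_mail_pem /var/imap/server.pem cyrus
# Returns 0 if every check passes, 1 otherwise; prints one line per finding.
check_mail_pem() {
    pem=$1; want_owner=$2; rc=0

    if [ ! -f "$pem" ]; then
        echo "FAIL $pem: file not found"
        return 1
    fi

    # The guide's server.pem is expected to hold the certificate and its key.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "FAIL $pem: no certificate block"; rc=1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "FAIL $pem: no private key block"; rc=1; }

    # ls -ld is used instead of stat because stat's options differ
    # between Mac OS X and other Unix systems.
    mode=$(ls -ld "$pem" | awk '{print $1}')
    owner=$(ls -ld "$pem" | awk '{print $3}')

    # The mail daemon can only read the key if it owns the file.
    [ "$owner" = "$want_owner" ] ||
        { echo "FAIL $pem: owner is $owner, expected $want_owner"; rc=1; }

    # Assumption (not stated in the guide): a file holding a private key
    # should grant nothing to group or other, i.e. mode 0600 or 0400.
    case $mode in
        ????------*) ;;
        *) echo "FAIL $pem: mode $mode exposes the key to group/other"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK   $pem"
    return "$rc"
}
```

Run it once for each file installed in this section, as a user allowed to read the file.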
4.7.2.2 Enable SSL Support
Now that the certificate and key are in place, enable SSL for mail service as follows:
1. Open Server Admin and click Mail under the server you’re configuring.
2. Click Settings.
3. Click on the “Advanced” tab.
4. Select “Require” from the SMTP SSL drop-down menu.
5. Select “Require” from the IMAP and POP SSL drop-down menu.
6. Click Save.
Three options exist for the server’s SSL support: Require, Use, and Don't Use. "Use"
allows both regular and SSL connections. This is better than "Don't Use," but
"Require" is recommended. Remember that enabling SSL on the mail server is not
enough: SMTP mail clients must also support SSL connections. On a homogeneous Mac
OS X network, this isn't an issue since Apple’s Mail client supports SSL, but on a
heterogeneous network, SSL support on the client side may not exist.
UNCLASSIFIED