Thread: imap-connection for sa-learn




imap-connection for sa-learn
user name
2006-10-31 16:28:51
I want to filter my spam mail by amavis/spamassassin
(SuSE V10) for a linux box (evolution) and also for a
second W2K box with outlook.

Everything is working fine, but I cannot put spam-mails
in an imap folder to transfer those mails back to the
mail-server to learn via sa-learn --spam.

On my old mail-server everything was working fine. Therefore
I think that I have a problem with my SSL-keys. At the last
installation I wrote many things to my docu, but I think
not all :-(((


==> Problem: IMAP, new CA-Key and Keys-imap.<mailserver>.at

What I did:

create CA (in /etc/ssl):
========================

openssl -config openssl.cnf -new -x509 -keyout private/DOMAINCA-key.pem
  -out private/DOMAINCA-key.pem -days 366
 PassPhrase <AAA>
 AT/././DOMAIN/.DOMAIN root Certificate/admindomain.at
openssl req -config <wo> -new -x509 -keyout private/DOMAINCA-key.pem
  -out DOMAINCA-cert.pem -days 366
 AT/././DOMAIN./DOMAIN root Certificate/admindomain.at
openssl x509 -in DOMAINCA-cert.pem -out DOMAINCA-cert.crt

==> cp DOMAINCA-cert.crt /srv/www/htdocs/ssl
==> scp DOMAINCA-cert.crt --> linux-client /tmp
==> Insert into evolution

imap.domain.at-certificate (ping to imap.domain.at is OK):
==========================================================
openssl req -config <wo> -new -keyout newreq.pem -out newreq.pem
  -days 366
 AT/././DOMAIN./Mail/admindomain.at/imap.domain.at/admindomain.at/./.
openssl ca -config <wo> -policy policy_anything -out newcert.pem
  -infiles newreq.pem
openssl x509 -in newcert.pem -out newcert.crt

<then my docu is not complete>:
??? move which files (newcert.pem or .crt) to which subdirectory
  in /etc/ssl
??? which file to insert into evolution (.pem or .crt)

As far as I can remember I also needed to convert the imap-Key to pk12
  for outlook. ??? How can I do this


My /etc/ssl/openssl.cnf
=======================
HOME                    = .
RANDFILE                = $ENV::HOME/.rnd
oid_section             = new_oids
[ new_oids ]
[ ca ]
default_ca      = CA_default            # The default ca section
[ CA_default ]
dir             = /etc/ssl              # Where everything is kept
certs           = $dir/certs            # Where the issued certs are kept
crl_dir         = $dir/crl              # Where the issued crl are kept
database        = $dir/index.txt        # database index file.
                                        # several ctificates with same subject.
new_certs_dir   = $dir/newcerts         # default place for new certs.
certificate     = $dir/private/DOMAINCA-cert.pem # The CA certificate
serial          = $dir/serial           # The current serial number
                                        # commented out to leave a V1 CRL
crl             = $dir/crl.pem          # The current CRL
private_key     = $dir/private/DOMAINCA-key.pem # The private key
RANDFILE        = $dir/private/.rand    # private random number file
x509_extensions = usr_cert              # The extentions to add to the cert
name_opt        = ca_default            # Subject Name options
cert_opt        = ca_default            # Certificate field options
default_days    = 3650                  # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md      = md5                   # which md to use.
preserve        = no                    # keep passed DN ordering
policy          = policy_match
[ policy_match ]
countryName             = match
stateOrProvinceName     = optinal
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
[ req ]
default_bits            = 1024
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
attributes              = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = nombstr
[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = AT
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Vienna
localityName                    = Locality Name (eg, city)
localityName_default            = Vienna
0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = DOMAIN
organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = DOMAIN CA
commonName                      = Common Name (eg, YOUR name)
commonName_max                  = 64
emailAddress                    = Email Address
emailAddress_default            = admindomain.at
emailAddress_max                = 64
[ req_attributes ]
challengePassword               = A challenge password
challengePassword_min           = 4
challengePassword_max           = 20
unstructuredName                = An optional company name
[ usr_cert ]
basicConstraints=CA:FALSE
nsComment                       = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
[ crl_ext ]
authorityKeyIdentifier=keyid:always,issuer:always
[ proxy_cert_ext ]
basicConstraints=CA:FALSE
nsComment                       = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
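
Added example (not part of the original post): the CA -> server certificate -> PKCS#12 sequence described above, followed by the checks worth running before the files go onto the mail server. It signs with "openssl x509 -req" instead of the post's "openssl ca", and uses SHA-256 with 2048-bit keys instead of the md5/1024 settings in the posted openssl.cnf. The file names, the work directory and the export password are assumptions.

```shell
# Added example, not from the original post. File names, work directory and
# the export password "constructed-demo-pw" are constructed placeholders.
set -eu
make_pki() {    # $1 = work dir, $2 = host name the mail clients connect to
    d=$1; host=$2; mkdir -p "$d"
    cat > "$d/pki.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
[srv]
basicConstraints = CA:FALSE
subjectAltName = DNS:$host
EOF
    # Self-signed CA: private key in ca-key.pem, certificate in ca-cert.pem
    openssl req -config "$d/pki.cnf" -x509 -extensions v3_ca -newkey rsa:2048 \
        -sha256 -nodes -days 366 -subj "/C=AT/O=DOMAIN/CN=DOMAIN root Certificate" \
        -keyout "$d/ca-key.pem" -out "$d/ca-cert.pem" 2>/dev/null
    # Server key and request go to separate files, then the CA signs the request
    openssl req -config "$d/pki.cnf" -new -newkey rsa:2048 -sha256 -nodes \
        -subj "/C=AT/O=DOMAIN/OU=Mail/CN=$host" \
        -keyout "$d/imap-key.pem" -out "$d/imap-req.pem" 2>/dev/null
    openssl x509 -req -in "$d/imap-req.pem" -sha256 -days 366 \
        -CA "$d/ca-cert.pem" -CAkey "$d/ca-key.pem" -CAcreateserial \
        -extfile "$d/pki.cnf" -extensions srv -out "$d/imap-cert.pem" 2>/dev/null
    # PKCS#12 bundle: server key + server certificate + CA certificate
    openssl pkcs12 -export -inkey "$d/imap-key.pem" -in "$d/imap-cert.pem" \
        -certfile "$d/ca-cert.pem" -name "$host" \
        -passout pass:constructed-demo-pw -out "$d/imap.p12"
}

sig_alg() {     # prints the signature algorithm of the certificate in $1
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

check_pki() {   # returns 0 only if every pre-deployment check passes
    d=$1; host=$2
    openssl verify -CAfile "$d/ca-cert.pem" -verify_hostname "$host" \
        "$d/imap-cert.pem" >/dev/null 2>&1 || return 1   # chain and host name
    [ "$(openssl x509 -in "$d/imap-cert.pem" -noout -pubkey)" = \
      "$(openssl pkey -in "$d/imap-key.pem" -pubout)" ] || return 1  # key matches cert
    case "$(sig_alg "$d/imap-cert.pem")" in md5*|sha1*) return 1 ;; esac
    openssl pkcs12 -in "$d/imap.p12" -passin pass:constructed-demo-pw -noout 2>/dev/null
}

work=$(mktemp -d) && make_pki "$work" imap.domain.at && check_pki "$work" imap.domain.at && echo "all checks passed in $work"
```

A client that only has to trust the IMAP server needs ca-cert.pem imported as a trusted authority; imap.p12 contains the server's private key and belongs only on the host that terminates TLS.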

