Posted to users@spamassassin.apache.org by Harald ARNOLD <li...@arnold.at> on 2006/10/31 20:35:33 UTC
imap-connection for sa-learn
I want to filter my spam mail by amavis/spamassassin
(SuSE V10) for a linux box (evolution) and also for a
second W2K box with outlook.
Everything is working fine, but I cannot put spam-mails
in an imap folder to transfer those mails back to the
mail-server to learn via sa-learn --spam.
On my old mail-server everything was working fine. Therefore
I think that I have a problem with my SSL-keys. At the last
installation I wrote many things to my docu, but I think
not all :-(((
==> Problem: IMAP, new CA-Key and Keys-imap.<mailserver>.at
What I did:
create CA (in /etc/ssl):
========================
openssl -config openssl.cnf -new -x509 -keyout private/ \
DOMAINCA-key.pem -out private/DOMAINCA-key.pem -days 366
PassPhrase <AAA>
AT/././DOMAIN/.DOMAIN root Certificate/admin@domain.at
openssl req -config <wo> -new -x509 -keyout private/\
DOMAINCA-key.pem -out DOMAINCA-cert.pem -days 366
AT/././DOMAIN./DOMAIN root Certificate/admin@domain.at
openssl x509 -in DOMAINCA-cert.pem -out DOMAINCA-cert.crt
==> cp DOMAINCA-cert.crt /srv/www/htdocs/ssl
==> scp DOMAINCA-cert.crt --> linux-client /tmp
==> Insert into evolution
imap.domain.at-certificate (ping to imap.domain.at is OK):
==========================================================
openssl req -config <wo> -new -keyout newreq.pem -out newreq.pem \
-days 366
AT/././DOMAIN./Mail/admin@domain.at/imap.domain.at/admin@domain.at/./.
openssl ca -config <wo> -policy policy_anything -out newcert.pem \
-infiles newreq.pem
openssl x509 -in newcert.pem -out newcert.crt
<then my docu is not complete>:
??? move which files (newcert.pem or .crt) to which subdirectory
in /etc/ssl
??? which file to insert into evolution (.pem or .crt)
As far as I can remember I also needed to convert the imap-Key to pk12
for outlook. ??? How can I do this
My /etc/ssl/openssl.cnf
=======================
HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids
[ new_oids ]
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = /etc/ssl # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/private/DOMAINCA-cert.pem # The CA certificate
serial = $dir/serial # The current serial number
# commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/DOMAINCA-key.pem # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = optional
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AT
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Vienna
localityName = Locality Name (eg, city)
localityName_default = Vienna
0.organizationName = Organization Name (eg, company)
0.organizationName_default = DOMAIN
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = DOMAIN CA
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = admin@domain.at
emailAddress_max = 64
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
basicConstraints=CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
[ crl_ext ]
authorityKeyIdentifier=keyid:always,issuer:always
[ proxy_cert_ext ]
basicConstraints=CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
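
The CA, server-certificate and PKCS#12 steps from the notes above, as an added example that is not part of the original post. It passes subjects with -subj instead of using the poster's openssl.cnf, uses RSA 2048 with SHA-256 rather than the 1024-bit/md5 defaults shown in that config, and all file names and the passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway CA -> certificate for imap.domain.at -> PKCS#12.
# File names, subjects and the passphrase are assumptions, not the poster's.
set -eu

make_pki() {
    work=$1
    mkdir -p "$work"
    # 1. Self-signed CA certificate and key (note the "req" subcommand).
    openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 366 \
        -subj "/C=AT/O=DOMAIN/CN=DOMAIN root Certificate" \
        -keyout "$work/ca-key.pem" -out "$work/ca-cert.pem" 2>/dev/null
    # 2. Server key and CSR; the CN is the host name the clients connect to.
    openssl req -new -nodes -newkey rsa:2048 -sha256 \
        -subj "/C=AT/O=DOMAIN/OU=Mail/CN=imap.domain.at" \
        -keyout "$work/imap-key.pem" -out "$work/imap-req.pem" 2>/dev/null
    # 3. Sign the CSR with the CA; add a subjectAltName for the host name.
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:imap.domain.at\n' \
        > "$work/ext.cnf"
    openssl x509 -req -sha256 -days 366 -in "$work/imap-req.pem" \
        -CA "$work/ca-cert.pem" -CAkey "$work/ca-key.pem" -CAcreateserial \
        -extfile "$work/ext.cnf" -out "$work/imap-cert.pem" 2>/dev/null
    # 4. PEM -> PKCS#12: server key + certificate + CA certificate in one file.
    #    The bundle contains the private key, so it is passphrase-protected.
    openssl pkcs12 -export -inkey "$work/imap-key.pem" \
        -in "$work/imap-cert.pem" -certfile "$work/ca-cert.pem" \
        -name imap.domain.at -passout pass:example-only \
        -out "$work/imap.p12"
}

# Check that the server certificate chains to the CA a client would import.
verify_chain() {
    openssl verify -CAfile "$1/ca-cert.pem" "$1/imap-cert.pem"
}

# Run as: sh pki-demo.sh ./demo-pki   (directory name is an assumption)
if [ $# -gt 0 ]; then
    make_pki "$1"
    verify_chain "$1"
fi
```

A mail client only needs ca-cert.pem imported as a trusted authority to accept the server; imap-key.pem and imap.p12 hold the server's private key and stay with the server administrator.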