Selor TLS - Documentation

 

Installation


Download the TLS module here

Put this file inside the 'mod' directory of your Selor installation and unpack it (note: you can place the module wherever you want):


cp selor_tls_1.0.tar.bz2 /usr/local/selor/mod

cd /usr/local/selor/mod

tar xjf selor_tls_1.0.tar.bz2

Compile the module:

Linux:
gcc -shared -nostartfiles selor_tls.c -o selor_tls.so -lssl -fPIC

FreeBSD:
gcc -shared -nostartfiles selor_tls.c -o selor_tls.so -lssl


 

Creating the certificates

Here is an example of creating a self-signed certificate. If you want a certificate signed by a certification authority, you can find the correct procedure on that company's website.

mkdir /usr/local/selor/mod/certs
cd /usr/local/selor/mod/certs

Create a 2048-bit private key:

openssl genrsa -out private.key 2048


Create the certificate signing request (CSR) that will be used to generate the public certificate.
It will ask for the certificate information.
The command is:

openssl req -new -key private.key -out cert.csr

An example of the prompts and answers:

Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:SP
Locality Name (eg, city) []:JAU
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company Name
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:svX.hostnameofserver.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Create the public certificate (public.crt) from this certificate request, signed with the private key:

openssl x509 -req -days 365 -in cert.csr -signkey private.key -out public.crt

Change the permissions of the certificate files:

chmod 400 /usr/local/selor/mod/certs/*

chown -R selor: /usr/local/selor/mod/certs
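
Before pointing Tls_privkey and Tls_pubkey at these files, it is worth confirming that the key and certificate really belong together and that the key is not readable by other users. The following check is an added example, not part of the Selor distribution; the function name check_tls_pair and the 30-day expiry margin are assumptions.

```sh
#!/bin/sh
# Added example (hypothetical helper): sanity-check a key/certificate pair.
# Usage: check_tls_pair /usr/local/selor/mod/certs/private.key \
#                       /usr/local/selor/mod/certs/public.crt
# Prints "ok" and returns 0, or prints the problem and returns 1-4.
check_tls_pair() {
    key=$1
    crt=$2

    # 1. The private key must be readable and parse; derive its public half.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$kpub" ] || { echo "cannot read private key"; return 1; }

    # 2. The public key embedded in the certificate must be the same one,
    #    otherwise the TLS handshake fails when the server starts using it.
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    [ "$kpub" = "$cpub" ] || { echo "key and certificate do not match"; return 2; }

    # 3. The certificate must remain valid for at least 30 more days
    #    (2592000 seconds); a self-signed cert made with -days 365 passes.
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "certificate expires within 30 days"; return 3; }

    # 4. The key file must grant nothing to group or others
    #    (characters 5-10 of the ls -l mode string), as chmod 400 ensures.
    perms=$(ls -l "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "private key accessible by group/other"; return 4; }

    echo "ok"
}
```
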


 

Configuring the server module

Edit the selor.conf file to activate the TLS module:

pico /usr/local/selor/selor.conf

Set the following options to these values:

Tls_enable 1
Tls_delivery 1
Tls_module "/usr/local/selor/mod/selor_tls.so"
Tls_privkey "/usr/local/selor/mod/certs/private.key"
Tls_pubkey "/usr/local/selor/mod/certs/public.crt"
#Tls_cafile ""

Save the file, exit, and restart Selor:

/etc/rc.d/rc.selor restart

You can test the server using telnet and the EHLO command; the response should list STARTTLS:

telnet localhost 25

ehlo test

250-svX.hostnameofserver.com
250-SIZE 52428800
250-AUTH PLAIN LOGIN
250-STARTTLS
250 8BITMIME

quit

Note:
The Tls_delivery option makes the Selor server try to use TLS when delivering email to external hosts.

 

 

 
