Plesk - Emails and SSL

Here is the procedure to follow to install an SSL certificate for IMAP and SMTP servers on Plesk 11.5 and CentOS (configuration of MediaTemple Managed DV servers).

These steps are an updated version of the following MediaTemple article:

How can I change default certificates for SMTP, IMAP, and POP3 over SSL?

Software involved

On Plesk 11.5 or 12.5 (CentOS), the servers are:

  • Sending email: Postfix
  • Receiving email: courier-imap

Let's Encrypt

If you are using Let's Encrypt, follow these instructions: https://github.com/plesk/letsencrypt-plesk/wiki/Secure-Mail-Server

Otherwise, continue with the following steps.

Obtain a certificate

This step depends on your host. On MediaTemple, follow these instructions.

Install the certificate

In Plesk, install the certificate on the server, using the Administration Panel.

  1. Connect to the server (e.g. https://votredomaine.com:8443).
  2. In the menu, click on Server Management, SSL Certificates and on Add SSL Certificate.
  3. Add the certificate by adding the 3 required files.
  4. Click on Send.
  5. Download the installed certificate (.pem) by clicking on the green arrow (Download all certificate parts).

Upload the certificate to the server

Using an FTP client or an SSH connection, upload the .pem file from the previous step to the server, at the following location:

/usr/share/courier-imap/votredomaine.com.pem

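Set the file's permissions to 600 and make sure that its owner:group is root:root. The file contains the private key along with the certificate, so only root should be able to read it.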

chown root:root /usr/share/courier-imap/votredomaine.com.pem
chmod 600 /usr/share/courier-imap/votredomaine.com.pem
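A check that can be run right after the chown/chmod step: it verifies the mode, the owner, that the file holds one private key plus a certificate, and that the key belongs to that certificate. This is an added example, not part of the original procedure; the function names are made up here, and it assumes GNU stat, an unencrypted key and an openssl that provides the pkey command.

```bash
#!/bin/bash
# Added example; function names are illustrative. Assumes GNU stat (CentOS).

# check_pem_file FILE [UID:GID]: returns 0 when permissions and layout are OK.
check_pem_file() {
    local file=$1 want_owner=${2:-0:0} rc=0
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }

    # The file holds the private key, so the mode must be exactly 600.
    if [ "$(stat -c '%a' "$file")" != "600" ]; then
        echo "mode is not 600" >&2; rc=1
    fi
    # Numeric owner:group; the default 0:0 is root:root.
    if [ "$(stat -c '%u:%g' "$file")" != "$want_owner" ]; then
        echo "owner:group is not $want_owner" >&2; rc=1
    fi
    # One private key and at least one certificate must be present.
    if [ "$(grep -c -- '-----BEGIN .*PRIVATE KEY-----' "$file")" != "1" ]; then
        echo "expected exactly one private key block" >&2; rc=1
    fi
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$file"; then
        echo "no certificate block" >&2; rc=1
    fi
    return "$rc"
}

# key_matches_cert FILE: returns 0 when the key belongs to the first
# certificate in FILE. Assumes an unencrypted key and "openssl pkey".
key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage, with the path from the steps above:
#   f=/usr/share/courier-imap/votredomaine.com.pem
#   check_pem_file "$f" && key_matches_cert "$f"
```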

Edit configuration files

Edit these files so that their certificate settings point to the file uploaded in the previous step.

/etc/postfix/main.cf

smtpd_tls_cert_file = /usr/share/courier-imap/votredomaine.com.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_use_tls = yes

/etc/courier-imap/imapd-ssl

TLS_CERTFILE=/usr/share/courier-imap/votredomaine.com.pem
MAXDAEMONS=100
MAXPERIP=25

The last two lines raise the connection limits (see the MediaTemple KB for more details).

/etc/courier-imap/pop3d-ssl

TLS_CERTFILE=/usr/share/courier-imap/votredomaine.com.pem
MAXDAEMONS=100
MAXPERIP=25

The last two lines raise the connection limits ([see the MediaTemple KB for more details](https://kb.mediatemple.net/questions/259/How+can+I+raise+Courier-IMAP+or+POP3+connections+for+my+server%3F#dv)).

Restart the servers

/etc/init.d/courier-imapd restart && /etc/init.d/courier-imaps restart
/etc/init.d/courier-pop3d restart && /etc/init.d/courier-pop3s restart
/usr/sbin/postfix stop && /usr/sbin/postfix start

Test the configuration

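THIS TEST IS PARTIAL: it only shows that Postfix accepts the STARTTLS command, not which certificate it presents, and it does not cover IMAP or POP3.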

telnet localhost 25
EHLO mail-qa0-f43.google.com
STARTTLS
quit

More tests here: http://kb.sp.parallels.com/en/118918