Letsencrypt and Mailserver (IRedmail) ?

opnsenseuser:
Hello community! :-)

I have two questions and hope someone can help me!

I have hosted my own email server for one day and use iRedMail for it. Sending mail is already working, but I do not receive any yet. But that's another problem.

Additionally, I have letsencrypt installed. This runs so far without errors.

Now I use squid. If I'm not mistaken, squid cannot be used with the letsencrypt certificate!

How can I use the letsencrypt certificate that opnsense generated for my mailserver?
Do I have to export it from opnsense via the trust menu or can I somehow automate this?

Can someone give me a detailed guide? Unfortunately I did not find anything on this topic.

best regards, rene

fabian:
This is not an API enabled module (trust), so you have to export it using manual HTTP calls while handling the XSRF protection.

You can also export the config.xml (use the api-backup plugin) and extract the certificate and the key from it (really simple when using nokogiri) if you want, but long story short: it is not natively supported.

This is an example (obsolete script for backups) for manual requests, before the api plugin existed:
https://github.com/fabianfrz/scripts/blob/master/OPNsense/backup_over_http.rb
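
The config.xml route described above, as an added example that is not part of fabian's post or his script. It uses Python's standard library rather than nokogiri, and it assumes each certificate is stored as a `<cert>` element with a `<descr>` and base64-encoded PEM in `<crt>` and `<prv>`; the sample config and the description `mail.example.org` are constructed.

```python
import base64
import os
import xml.etree.ElementTree as ET

# Constructed placeholders, not real key material.
CERT = b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
KEY = b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"
# Constructed config.xml fragment; the <cert>/<descr>/<crt>/<prv> layout is an assumption.
SAMPLE = (
    "<opnsense><cert><refid>0001</refid><descr>mail.example.org</descr>"
    f"<crt>{base64.b64encode(CERT).decode()}</crt>"
    f"<prv>{base64.b64encode(KEY).decode()}</prv></cert></opnsense>"
)

def extract_cert(config_xml, descr):
    """Return (cert_pem, key_pem) for the <cert> entry whose <descr> equals descr."""
    root = ET.fromstring(config_xml)
    for entry in root.iter("cert"):
        if (entry.findtext("descr") or "").strip() != descr:
            continue
        crt, prv = entry.findtext("crt"), entry.findtext("prv")
        if not crt or not prv:
            raise ValueError(f"{descr!r}: certificate or private key missing")
        cert_pem, key_pem = base64.b64decode(crt), base64.b64decode(prv)
        # Refuse anything that does not decode to PEM, so a layout change fails loudly.
        if b"BEGIN CERTIFICATE" not in cert_pem or b"PRIVATE KEY" not in key_pem:
            raise ValueError(f"{descr!r}: decoded data is not PEM")
        return cert_pem, key_pem
    raise KeyError(descr)

def write_restricted(path, data, mode=0o600):
    """Write via a temp file created with the final mode, then rename into place."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "wb") as fh:
        os.fchmod(fd, mode)  # also covers a leftover temp file with looser permissions
        fh.write(data)
    os.replace(tmp, path)

if __name__ == "__main__":
    cert_pem, key_pem = extract_cert(SAMPLE, "mail.example.org")
    write_restricted("mail.example.org.key", key_pem)
    write_restricted("mail.example.org.crt", cert_pem, mode=0o644)
```

The exported config.xml carries the private keys of every certificate stored on the firewall, so the backup file itself needs the same handling as the extracted key.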

opnsenseuser:
Thanks for the explanation. :-) That's great! -> I'll think about how I do that. ;-)

My email server is running now. Sending and receiving works perfectly.
But I do not quite understand why a NAT rule alone is sufficient.
I always thought I first had to open the port on the WAN interface (25) and then make a NAT rule for the internal server. But it was enough only to create the NAT rule. See the screenshot.

Can you explain that to me?
And what can I do to better secure the port? Is it safe the way I created the rule?
I would be very grateful for any support.

best regards rené

fabian:
See the entry "Filter rule association" on your screenshot -> create a pass rule.

opnsenseuser:
Where can I see this rule?
What else can I do to make the port saf(er)?
I made some WAN rules! Does this make sense? (screenshot)

regards
René
