Hello Courier users!
Up to now I was not aware that Qualys' SSL test could be used on other
ports than 443.
Here is how.
1) You spin up an hourly billed VPS (like UpCloud) Probably your 443
port is already used for production websites.
2) Enable IP forwarding
echo 1 > cat /proc/sys/net/ipv4/ip_forward
3) Route all tcp/443 traffic to your Courier installation
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT
--to-destination ${COURIER_IP}:465
iptables -t nat -A POSTROUTING -p tcp --dst ${COURIER_IP} --dport 465
-j SNAT --to-source ${TEMPORARY_VPS_IP}
pre-4) Add an exception in Fail2ban for ${TEMPORARY_VPS_IP}
4) Enter the VPS' reverse host name
https://www.ssllabs.com/ssltest/
Of course there will be a CN mismatch but all the rest of Qualys' fine
report will show you all the details.
All the best!
SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498 [email protected] skype: szepe.viktor
Budapest, III. kerület
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
