Hello Courier users!

Up to now I was not aware that Qualys' SSL test could be used on other  
ports than 443.
Here is how.

1) You spin up an hourly billed VPS (like UpCloud). Probably your 443 port is already used for production websites.

2) Enable IP forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

3) Route all tcp/443 traffic to your Courier installation

iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination ${COURIER_IP}:465

iptables -t nat -A POSTROUTING -p tcp --dst ${COURIER_IP} --dport 465 -j SNAT --to-source ${TEMPORARY_VPS_IP}

pre-4) Add an exception in Fail2ban for ${TEMPORARY_VPS_IP}

4) Enter the VPS' reverse host name

https://www.ssllabs.com/ssltest/

Of course there will be a CN mismatch but all the rest of Qualys' fine  
report will show you all the details.


All the best!


SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
-- 
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, III. kerület
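
Steps 2) and 3) of the message above as a script with a dry-run mode and a matching removal action for when the test is done. This is an added example, not part of the original post; the function names, the DRY_RUN variable and the documentation-range addresses are assumptions, and it uses sysctl instead of writing to /proc directly.

```shell
#!/bin/sh
# Added example, not from the original post: apply or remove the NAT rules
# from steps 2-3. Addresses in the usage line are constructed placeholders.
# Usage: DRY_RUN=1 sh ssltest-forward.sh add 192.0.2.10 198.51.100.20

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# forward add|del COURIER_IP TEMPORARY_VPS_IP
forward() (
    case $1 in
        add) flag=-A; fwd=1 ;;
        del) flag=-D; fwd=0 ;;
        *) echo "usage: forward add|del COURIER_IP TEMPORARY_VPS_IP" >&2; return 2 ;;
    esac
    valid_ipv4 "$2" && valid_ipv4 "$3" || { echo "invalid IPv4 address" >&2; return 2; }
    # "del" turns forwarding off again; assumes the VPS has no other use for it.
    run sysctl -q -w net.ipv4.ip_forward="$fwd" || return
    run iptables -t nat "$flag" PREROUTING -p tcp --dport 443 \
        -j DNAT --to-destination "$2:465" || return
    run iptables -t nat "$flag" POSTROUTING -p tcp --dst "$2" --dport 465 \
        -j SNAT --to-source "$3"
)

if [ "$#" -gt 0 ]; then forward "$@"; fi
```

Run it with DRY_RUN=1 first to review the exact commands, then with "add" before the scan and "del" afterwards so the VPS stops relaying to the mail server.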





_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
