Reenable SSL.

10-master.conf

@@ -18,7 +18,7 @@ service imap-login {
   inet_listener imap {
     #port = 143
     #disable non-ssl imap
-    #port = 0
+    port = 0
   }
   inet_listener imaps {
     #port = 993

10-ssl.conf

@@ -3,14 +3,14 @@
 ##
 
 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
-ssl = no
+ssl = yes
 
 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-#ssl_cert = </etc/dovecot/dovecot.pem
-#ssl_key = </etc/dovecot/private/dovecot.pem
+ssl_cert = </etc/dovecot/dovecot.pem
+ssl_key = </etc/dovecot/private/dovecot.pem
 
 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter. Since this file is often

dovecot-openssl.cnf

@@ -15,9 +15,9 @@ x509_extensions         = v3_req
 
 [ req_distinguished_name ]
 organizationName = scimetis.net
-organizationalUnitName = @commonName@
-commonName = @commonName@
-emailAddress = @emailAddress@
+organizationalUnitName = mail
+commonName = *.scimetis.net
+emailAddress = no-reply@scimetis.net
 
 [ v3_req ]
 basicConstraints        = CA:FALSE