Postfix setup for SSL and TLS

To use SSL and TLS with the postfix mailer daemon you must change settings in the /etc/postfix/main.cf configuration file: # tls config smtp_use_tls = yes smtpd_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_CAfile = /etc/postfix/ssl/demoCA/cacert.pem smtpd_tls_cert_file = /etc/postfix/ssl/server-crt.pem smtpd_tls_key_file = /etc/postfix/ssl/server-key.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom tls_random_prng_update_period = 3600s You also need a SSL certificate for your mail server. Create it with the following commands: mkdir /etc/postfix/ssl cd /etc/postfix/ssl/ # Create new local certification authority (if not already present) /usr/share/ssl/misc/CA.pl -newca # Create RSA certificate openssl req -new -nodes -keyout server-key.pem -out server-req.pem -days[…]

Read more