Postfix Enable SSL/TLS with your certificate

Create Cert & Key:


openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
mkdir /etc/mailssl
chmod 700 /etc/mailssl
cp server.* /etc/mailssl


Postfix SSL config

Edit /etc/postfix/main.cf:

#SSL stuff
smtpd_tls_cert_file = /etc/mailssl/server.crt
smtpd_tls_key_file = /etc/mailssl/server.key


To make smtps work on port 465 which it should, then you have to edit /etc/postfix/master.cf:

Uncomment the following near the top (note it is the stanza which starts with smtps and NOT smtp)

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

The above didn't work,I had to comment the two lines about sasl_auth and client_restrictons to make it work.

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 


Tags:

postfix, enable, ssl, tls, certificatecreate, cert, openssl, req, nodes, server, crt, keyout, mkdir, etc, mailssl, chmod, cp, config, edit, cf, smtpd_tls_cert_file, smtpd_tls_key_file, smtps, uncomment, stanza, smtp, inet, smtpd, smtpd_tls_wrappermode, smtpd_sasl_auth_enable, smtpd_client_restrictions, permit_sasl_authenticated, reject, didn, sasl_auth, client_restrictons, smtpd_enforce_tls,

Latest Articles

  • Linux Ubuntu Cannot Print Large Images
  • Cannot Print PDF Solution and Howto Resize
  • Linux Console Login Screen TTY Change Message
  • Apache Cannot Start Listening Already on 0.0.0.0
  • MySQL Bash Query to pipe input directly without using heredoc trick
  • CentOS 6 and 7 / RHEL Persistent DHCP Solution
  • Debian Ubuntu Mint rc-local service startup error solution rc-local.service: Failed at step EXEC spawning /etc/rc.local: Exec format error
  • MySQL Cheatsheet Guide and Tutorial
  • bash script kill whois or other command that is running for too long
  • Linux tftp listens on all interfaces and IPs by DEFAULT Security Risk Hole Solution
  • python import docx error
  • Cisco Unified Communications Manager Express Cheatsheet CUCME CME
  • Linux Ubuntu Debian Missing privilege separation directory: /var/run/sshd
  • bash how to count the number of columns or words in a line
  • bash if statement how to test program output without assigning to variable
  • RTNETLINK answers: Network is unreachable
  • Centos 7 how to save iptables rules like Centos 6
  • nfs tuning maximum amount of connections
  • qemu-kvm error "Could not initialize SDL(No available video device) - exiting"
  • Centos 7 tftpd will not work with selinux enabled