Postfix Enable SSL/TLS with your certificate

Create Cert & Key:


openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
mkdir /etc/mailssl
chmod 700 /etc/mailssl
cp server.* /etc/mailssl


Postfix SSL config

Edit /etc/postfix/main.cf:

#SSL stuff
smtpd_tls_cert_file = /etc/mailssl/server.crt
smtpd_tls_key_file = /etc/mailssl/server.key

To make smtps work on port 465 which it should, then you have to edit /etc/postfix/master.cf:

Uncomment the following near the top (note it is the stanza which starts with smtps and NOT smtp)

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

The above didn't work,I had to comment the two lines about sasl_auth and client_restrictons to make it work.

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 


Tags:

postfix, enable, ssl, tls, certificatecreate, cert, openssl, req, nodes, server, crt, keyout, mkdir, etc, mailssl, chmod, cp, config, edit, cf, smtpd_tls_cert_file, smtpd_tls_key_file, smtps, uncomment, stanza, smtp, inet, smtpd, smtpd_tls_wrappermode, smtpd_sasl_auth_enable, smtpd_client_restrictions, permit_sasl_authenticated, reject, didn, sasl_auth, client_restrictons, smtpd_enforce_tls,

Latest Articles

  • Proxmox How To Purge Ceph
  • VMWare ESXi/VSphere Disable Balloon Segfault in Services Solution
  • Apache Linux Debian Ubuntu Container how to manually restart without killing
  • Docker enable UTF8 in Container to stop seeing gibberish ? characters
  • Debian 8 How To Use Apt Update Archive sources.list
  • Debian Live CD Password
  • Forbidden You don't have permission to access this resource. [authz_core:error] [pid 338:tid 338] [client 1.2.3.4:55046] AH01630: client denied by server configuration:
  • The client needs a new connection for this request as the requested host name does not match the Server Name Indication (SNI) in use for this connection.
  • Asterisk RTP/audio not working in either direction in Docker NAT with a NAT client
  • dovecot: imap(root@localhost)<3702>: Error: Mailbox INBOX: mmap(size=352609044) failed with file /var/spool/mail/root/Maildir/dovecot.index.cache: Cannot allocate memory
  • Asterisk cannot find soundfile file.c:824 ast_openstream_full: File for-tech-support does not exist in any format
  • Apache Error solution - mktemp: failed to create directory via template '/var/lock/apache2.XXXXXXXXXX': No such file or directory
  • sysctl settings to reduce buffers and caches in Linux
  • Find /dev/sd block device of ata device - ata6: SATA link up 1.5 Gbps (SStatus 113 SControl 310) ata6.00: qc timeout (cmd 0xec) ata6.00: failed to IDENTIFY (I/O error, err_mask=0x4) ata6.00: revalidation failed (errno=-5)
  • Stuttering Audio on VOIP phones when first answering a call slow and fast audio
  • How to distribute the Microsoft VC Visual Studio Redistributable Files On Your Own
  • Nvidia video resolution and codec encode decode support matrix eg. h264 4k h265 HEVC VP9 Card List from GTX, RTX, Quadro
  • Japan and China ping time observations
  • ffmpeg convert to another format eg h265 to h264
  • Apache stop bots and hackers by using forensic logging.
    • Copyright © realtechtalk.com 2026