Copyright © 2008-2018, dave - Code samples on Dave's Brain is licensed under the Creative Commons Attribution 2.5 License. However other material, including English text has all rights reserved.
Date: 2007dec14 OS: Linux Product: Postfix Q. How can I make Postfix support TLS? A. This is a nice thing to enable since it'll encrypt the mail it exchanges with other SMTP agents that support TLS. No need to use PGP, etc. With RedHat/Fedora/CentOS its pretty easy. Make a self-signed certificate like this:cd /etc/pki/tls/certs make postfix.pemAdd these options to /etc/postfix/main.cf:smtpd_tls_auth_only = no smtp_use_tls = yes smtpd_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /etc/pki/tls/certs/postfix.pem smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandomRestart Postfix:systemctl restart postfixUse of TLS will be noted in your mail headers and the Postfix log. For example:Nov 24 16:15:28 www postfix/smtpd: connect from mail.example.com[188.8.131.52] Nov 24 16:15:28 www postfix/smtpd: setting up TLS connection from mail.example.com[184.108.40.206] Nov 24 16:15:28 www postfix/smtpd: Anonymous TLS connection established from mail.example.com[220.127.116.11]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Add a commentSign in to add a comment