Dave's Brain

Date: 2008jul9
OS: Linux
Product: postfix

Q.  How can I make Postfix support secure SMTP (SMTPS)?
(This uses SSL and runs on port 465)

A.  I prefer TLS on port 25 -- there is another article about that.
http://www.davekb.com/search.php?target=postfix+TLS

If you want a way for valid remote users to be able to post from
their mail clients, see this article.
http://www.davekb.com/search.php?target=postfix+submission

If you still want to set up an SMTPS service, read on.

With RedHat/Fedora/CentOS it's pretty easy.
Make a self-signed certificate like this:

cd /etc/pki/tls/certs
make postfix.pem

Add these options to /etc/postfix/main.cf:

smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Uncomment and modify these lines in /etc/postfix/master.cf:

smtps     inet  n       -       n       -       -       smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes

On the first line above we changed smtpd to smtps.
This means you get "smtps" in the log, which is useful.
To make that work, create this symbolic link:

ln -s /usr/libexec/postfix/smtpd /usr/libexec/postfix/smtps

Restart Postfix:

systemctl restart postfix

Finally, you need to open port 465 in your firewall.
Run system-config-security-level and add smtps:tcp,
or directly edit /etc/sysconfig/iptables.
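
A check for the master.cf step above, added here as an example and not part of the original article. It reads master.cf by Postfix's own rule (an indented line continues the previous service, comments are skipped), so it catches the case where the -o lines were uncommented but the smtps line was not. The function names and the sample fragment are constructed for illustration, and overrides are assumed to be written as "-o name=value".

```shell
#!/bin/sh
# Added example, not from the original article.

# Constructed sample: the master.cf entry from the article, preceded by the
# stock smtp service and a comment line.
sample_master_cf() {
    cat <<'EOF'
smtp      inet  n       -       n       -       -       smtpd
# implicit-TLS listener on port 465
smtps     inet  n       -       n       -       -       smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
EOF
}

# Print the "-o name=value" overrides that belong to the "smtps inet" service.
# master.cf rule: a line starting with whitespace continues the previous
# logical line; comments and blank lines are skipped and do not end it.
smtps_overrides() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[^ \t]/ { in_svc = ($1 == "smtps" && $2 == "inet") }
        in_svc {
            for (i = 1; i < NF; i++)
                if ($i == "-o") print $(i + 1)
        }
    ' "${1:--}"
}

# Exit status 0 only when both overrides from the article are active.
check_smtps() {
    overrides=$(smtps_overrides "${1:--}")
    rc=0
    for want in smtpd_tls_wrappermode=yes smtpd_sasl_auth_enable=yes; do
        if printf '%s\n' "$overrides" | grep -qxF -e "$want"; then
            echo "ok:      $want"
        else
            echo "MISSING: $want (is the smtps line still commented out?)"
            rc=1
        fi
    done
    return "$rc"
}

# With no argument, check the constructed sample; otherwise check the given file.
if [ $# -gt 0 ]; then check_smtps "$1"; else sample_master_cf | check_smtps; fi
```

On a live host, run it against /etc/postfix/master.cf, then confirm the listener answers with a TLS handshake using openssl s_client -connect localhost:465.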

Copyright © 2008-2017, dave - Code samples on Dave's Brain is licensed under the Creative Commons Attribution 2.5 License. However other material, including English text has all rights reserved.