Computer Tips - Postfix: make Postfix support secure SMTP (SMTPS)

Date: 2008jul9
OS: Linux
Product: postfix

Q. Postfix: make Postfix support secure SMTP (SMTPS)
(This uses SSL and runs on port 465)

A. I prefer TLS on port 25 -- there is another article about that.
http://www.davekb.com/search.php?target=postfix+TLS

If you want a way for valid remote users to be able to post from their mail clients, see this article.
http://www.davekb.com/search.php?target=postfix+submission

If you still want to set up an SMTPS service, read on.

With RedHat/Fedora/CentOS it's pretty easy. Make a self-signed certificate like this:
cd /etc/pki/tls/certs
make postfix.pem
Add these options to /etc/postfix/main.cf:
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Uncomment and modify these lines in /etc/postfix/master.cf:
smtps inet n - n - - smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
On the first line above we changed smtpd (the command in the last column) to smtps. This means you get "smtps" in the log, which is useful. To make that work, create this symbolic link:
ln -s /usr/libexec/postfix/smtpd /usr/libexec/postfix/smtps
Restart Postfix:
systemctl restart postfix
Finally, you need to open port 465 in your firewall. Run system-config-security-level and add smtps:tcp, or directly edit /etc/sysconfig/iptables.
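
A way to sanity-check the master.cf edit and the symlink before restarting Postfix. This is an added example, not part of the original tip: the function names master_entries and check_smtps are made up here, the sample master.cf is constructed, and only the "-o name=value" option form shown above is recognised.

```bash
# Added example: static check of the smtps entry and symlink from this tip.
# Only the "-o name=value" option form used on this page is recognised.

# Print each logical master.cf entry on one line: comment and blank lines
# are dropped, lines starting with whitespace continue the previous entry.
master_entries() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, ""); entry = entry " " $0; next }
        { if (entry != "") print entry; entry = $0 }
        END { if (entry != "") print entry }
    ' "$1"
}

# check_smtps MASTER_CF [DAEMON_DIR]: prints one finding per line and
# returns 0 only if every check passes.
check_smtps() {
    local master_cf="$1" daemon_dir="${2:-/usr/libexec/postfix}" entry cmd opt rc=0
    # "$1 = $1" makes awk rebuild the entry with single spaces between fields.
    entry=$(master_entries "$master_cf" |
        awk '$1 == "smtps" && $2 == "inet" { $1 = $1; print; exit }')
    if [ -z "$entry" ]; then
        echo "FAIL: no active 'smtps inet' entry (still commented out?)"
        return 1
    fi
    for opt in smtpd_tls_wrappermode=yes smtpd_sasl_auth_enable=yes; do
        case " $entry " in
            *" -o $opt "*) echo "OK: -o $opt" ;;
            *) echo "FAIL: -o $opt missing from the smtps entry"; rc=1 ;;
        esac
    done
    # Field 8 is the daemon program; the renamed "smtps" needs the symlink.
    cmd=$(printf '%s\n' "$entry" | awk '{ print $8 }')
    if [ -n "$cmd" ] && [ -f "$daemon_dir/$cmd" ] && [ -x "$daemon_dir/$cmd" ]; then
        echo "OK: $daemon_dir/$cmd exists"
    else
        echo "FAIL: $daemon_dir/$cmd not found or not executable"; rc=1
    fi
    return $rc
}

# Demo on a constructed master.cf; a temp dir stands in for the daemon dir.
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'smtps inet n - n - - smtps' \
    '  -o smtpd_tls_wrappermode=yes' \
    '  -o smtpd_sasl_auth_enable=yes' > "$demo_dir/master.cf"
ln -s /bin/sh "$demo_dir/smtps"   # stand-in for the smtpd -> smtps symlink
check_smtps "$demo_dir/master.cf" "$demo_dir"
rm -rf "$demo_dir"
```

On a real host, run check_smtps /etc/postfix/master.cf; the daemon directory defaults to /usr/libexec/postfix as used above.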