Computer Tips - Postfix: make Postfix support secure SMTP (SMTPS)

Date: 2008jul9 OS: Linux Product: postfix Q. Postfix: make Postfix support secure SMTP (SMTPS) (This uses SSL and runs on port 465) A. I prefer TLS on port 25 -- there is another article about that. If you want a way for valid remote users to be able to post from from their mail clients see this article. If you still want to setup an SMTPS service read on. With RedHat/Fedora/CentOS its pretty easy. Make a self-signed certificate like this:
cd /etc/pki/tls/certs make postfix.pem
Add these options to /etc/postfix/
smtpd_tls_auth_only = no smtp_use_tls = yes smtpd_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /etc/pki/tls/certs/postfix.pem smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom
Uncomment and modify these lines in /etc/postfix/
smtps inet n - n - - smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
On the first line above we changed smtpd to smtps This means you get "smtps" in the log which is useful. To make that work, create this symbolic link:
ln -s /usr/libexec/postfix/smtpd /usr/libexec/postfix/smtps
Restart Postfix:
systemctl restart postfix
Finally you need to open port 465 in your firewall. Run system-config-security-level and add smtps:tcp or directly edit /etc/sysconfig/iptables