====== Postfix Client TLS Support ======

===== Resource =====
http://www.postfix.org/TLS_README.html#client_tls

====== Instructions ======
===== Generating SSL Key =====
Run the following commands: \\

<code>
cd /etc/postfix
mkdir ssl
cd ssl
openssl genrsa -rand /etc/passwd:/etc/resolv.conf 2048 > smtpd.key
chmod 400 smtpd.key
openssl req -new -key smtpd.key > smtpd.csr
#  Enter the certificate information.
#  The "common name" is the mail server DNS name.
</code>

===== Self-sign the certificate =====

Run the following commands:

<code>
openssl req -days 36524 -x509 -key smtpd.key -in smtpd.csr > smtpd.crt
cat smtpd.crt smtpd.key > smtpd.pem
</code>

===== Configure Postfix to use SSL =====

Edit main.cf (located in /etc/postfix/) adding the following at the bottom of the file. \\

<code>
smtp_tls_cert_file=/etc/postfix/ssl/smtpd.pem
smtp_tls_key_file=$smtp_tls_cert_file
smtp_tls_loglevel=1
smtp_tls_note_starttls_offer=yes
smtp_use_tls=yes
smtpd_tls_cert_file=/etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file=$smtp_tls_cert_file
smtpd_use_tls=yes
smtpd_tls_received_header=yes
</code>

===== Configure Dovecot =====
Edit dovecot.conf (typically located in /etc) adding the following lines: 

<code>
ssl_cert_file = /etc/postfix/ssl/smtpd.pem
ssl_key_file = /etc/postfix/ssl/smtpd.pem
</code>

===== Restart =====
Restart postfix and dovecot.