Postfix Client TLS Support

Resource

Instructions

Generating SSL Key

Run the following commands:

cd /etc/postfix
mkdir ssl
cd ssl
# Restrictive umask so the key is never readable by other users, even briefly.
umask 077
# No -rand option needed: OpenSSL seeds itself from the system RNG.
openssl genrsa 2048 > smtpd.key
chmod 400 smtpd.key
openssl req -new -key smtpd.key > smtpd.csr
#  Enter the certificate information.
#  The "common name" is the mail server DNS name.

Self-sign the certificate

Run the following commands:

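openssl req -days 36524 -x509 -key smtpd.key -in smtpd.csr > smtpd.crt
cat smtpd.crt smtpd.key > smtpd.pem
# smtpd.pem contains the private key, so restrict it the same way as smtpd.key.
chmod 400 smtpd.pem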

Configure Postfix to use SSL

Edit main.cf (located in /etc/postfix/), adding the following at the bottom of the file:

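# smtp_* settings apply when Postfix sends mail (TLS client); smtpd_* settings apply when it receives mail (TLS server).
smtp_tls_cert_file=/etc/postfix/ssl/smtpd.pem
smtp_tls_key_file=$smtp_tls_cert_file
smtp_tls_loglevel=1
smtp_tls_note_starttls_offer=yes
# On Postfix 2.3 and later, smtp_use_tls/smtpd_use_tls=yes is spelled smtp_tls_security_level=may / smtpd_tls_security_level=may.
smtp_use_tls=yes
smtpd_tls_cert_file=/etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file=$smtpd_tls_cert_file
smtpd_use_tls=yes
smtpd_tls_received_header=yes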

Configure Dovecot

Edit dovecot.conf (typically located in /etc), adding the following lines:

ssl_cert_file = /etc/postfix/ssl/smtpd.pem
ssl_key_file = /etc/postfix/ssl/smtpd.pem

Restart

Restart postfix and dovecot.
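
The combined smtpd.pem holds the private key, and main.cf reaches it indirectly through $smtp_tls_cert_file, so a permissions check has to resolve that reference first. The following is an added example, not part of the original page: a small Python audit that parses main.cf-style text, expands parameter references, and reports key files that are missing or accessible to group or others. The function names and the sample path are assumptions made for the illustration, and the "$$" escape is not handled.

```python
import os
import re
import stat
import tempfile

KEY_PARAMS = ("smtp_tls_key_file", "smtpd_tls_key_file")
REF = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))")  # $name, ${name}, $(name)

def parse_main_cf(text):
    """Return {name: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] += " " + raw.strip()
        else:
            name, _, value = (part.strip() for part in raw.partition("="))
            params[name] = value
    return params

def expand(value, params, depth=0):
    """Expand parameter references recursively; unknown names expand to empty."""
    if depth > 10:
        raise ValueError("reference loop in main.cf")
    return REF.sub(lambda m: expand(params.get(next(g for g in m.groups() if g), ""),
                                    params, depth + 1), value)

def audit_key_files(text):
    """Return (parameter, path, problem) for each key file that is missing or too open."""
    params, findings = parse_main_cf(text), []
    for name in KEY_PARAMS:
        if name not in params:
            continue
        path = expand(params[name], params)
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except OSError:
            findings.append((name, path, "file missing or unreadable"))
            continue
        if mode & 0o077:
            findings.append((name, path, "mode %04o exposes the private key" % mode))
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample, not a real server
        pem = os.path.join(d, "smtpd.pem")
        open(pem, "w").close()
        os.chmod(pem, 0o644)  # what a default umask of 022 would leave behind
        print(audit_key_files(f"smtp_tls_cert_file={pem}\nsmtpd_tls_key_file=$smtp_tls_cert_file\n"))
```

On a real server, pass the contents of /etc/postfix/main.cf to audit_key_files() and run it as root so the key files can be inspected.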

