Differences
This shows you the differences between two versions of the page.
tech:linux:postfix_client_tls [2014/11/15 09:13] |
tech:linux:postfix_client_tls [2014/11/15 09:13] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Postfix Client TLS Support ====== | ||
+ | |||
+ | ===== Resource ===== | ||
+ | http://www.postfix.org/TLS_README.html#client_tls | ||
+ | |||
+ | ====== Instructions ====== | ||
+ | ===== Generating SSL Key ===== | ||
+ | Run the following commands: \\ | ||
+ | |||
+ | <code> | ||
+ | cd /etc/postfix | ||
+ | mkdir ssl | ||
+ | cd ssl | ||
+ | openssl genrsa -rand /etc/passwd:/etc/resolv.conf 2048 > smtpd.key | ||
+ | chmod 400 smtpd.key | ||
+ | openssl req -new -key smtpd.key > smtpd.csr | ||
+ | # Enter the certificate information. | ||
+ | # The "common name" is the mail server DNS name. | ||
+ | </code> | ||
+ | |||
+ | ===== Self-sign the certificate ===== | ||
+ | |||
+ | Run the following commands: | ||
+ | |||
+ | <code> | ||
+ | openssl req -days 36524 -x509 -key smtpd.key -in smtpd.csr > smtpd.crt | ||
+ | cat smtpd.crt smtpd.key > smtpd.pem | ||
+ | </code> | ||
+ | |||
+ | ===== Configure Postfix to use SSL ===== | ||
+ | |||
+ | Edit main.cf (located in /etc/postfix/) adding the following at the bottom of the file. \\ | ||
+ | |||
+ | <code> | ||
+ | smtp_tls_cert_file=/etc/postfix/ssl/smtpd.pem | ||
+ | smtp_tls_key_file=$smtp_tls_cert_file | ||
+ | smtp_tls_loglevel=1 | ||
+ | smtp_tls_note_starttls_offer=yes | ||
+ | smtp_use_tls=yes | ||
+ | smtpd_tls_cert_file=/etc/postfix/ssl/smtpd.pem | ||
+ | smtpd_tls_key_file=$smtp_tls_cert_file | ||
+ | smtpd_use_tls=yes | ||
+ | smtpd_tls_received_header=yes | ||
+ | </code> | ||
+ | |||
+ | ===== Configure Dovecot ===== | ||
+ | Edit dovecot.conf (typically located in /etc) adding the following lines: | ||
+ | |||
+ | <code> | ||
+ | ssl_cert_file = /etc/postfix/ssl/smtpd.pem | ||
+ | ssl_key_file = /etc/postfix/ssl/smtpd.pem | ||
+ | </code> | ||
+ | |||
+ | ===== Restart ===== | ||
+ | Restart postfix and dovecot. | ||