How To Enable TLS/SSL Encryption In Postfix (smtpd)

Posted December 17th, 2010 at 11:47:08am

The information below is copied from http://yocum.org/faqs/postfix-tls-sasl.html

Verify that the correct libraries have been linked in:

# ldd /usr/libexec/postfix/smtpd

You should see the following:

smtpd:
libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28096000)
libssl.so.3 => /usr/local/lib/libssl.so.3 (0x280aa000)
libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x280db000)

If you see libsasl2, libssl, and libcrypto, congratulations — the server is ready to support SASL and TLS.

Generate an SSL certificate:

# mkdir /etc/postfix/ssl
# cd /etc/postfix/ssl
# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650

Enter configuration options for Postfix in /etc/postfix/main.cf:

### SASL Config:
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
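# reject_unauth_destination stops the server relaying for unauthenticated outside clients
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

Your settings for the two “restrictions” lines may vary, but it is important to note that the SASL entry (permit_sasl_authenticated) must be the first entry in the list.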

### TLS Config:
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

To test:

Go to your email program and set it to use SSL in addition to AUTH. I use the Apple Mail.app Connection Doctor to instantly see if things are working!
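A scripted version of the same test, added here as an example (it is not part of the original FAQ): it compares the EHLO reply before and after STARTTLS and reports when AUTH is advertised on the unencrypted connection, which can happen when TLS is optional as configured above. The function names, the sample replies and the host mail.example.com are assumptions; the Postfix parameter smtpd_tls_auth_only = yes, which is not in the configuration above, restricts AUTH to TLS sessions.

```python
import re
import smtplib
import ssl

def parse_ehlo(reply):
    """Map each ESMTP keyword in an EHLO reply to the set of its parameters."""
    features = {}
    for line in reply.splitlines()[1:]:  # line 0 is the server greeting
        m = re.match(r"(?:250[- ])?([A-Za-z0-9-]+)[ =]?(.*)", line.strip())
        if m:
            # broken_sasl_auth_clients = yes makes Postfix send "AUTH=PLAIN LOGIN"
            # next to the standard "AUTH PLAIN LOGIN"; both merge under AUTH.
            features.setdefault(m.group(1).upper(), set()).update(m.group(2).upper().split())
    return features

def assess(before_tls, after_tls):
    """Compare the EHLO replies seen before and after STARTTLS."""
    pre, post = parse_ehlo(before_tls), parse_ehlo(after_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    if pre.get("AUTH"):
        findings.append("AUTH offered before STARTTLS (cleartext credentials possible)")
    if "STARTTLS" in pre and not post.get("AUTH"):
        findings.append("AUTH not offered after STARTTLS")
    return findings

def probe(host, port=25):
    """Collect both EHLO replies from a live server (needs network access)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # the certificate generated above is self-signed,
    ctx.verify_mode = ssl.CERT_NONE  # so this probe checks what is offered, not trust
    with smtplib.SMTP(host, port, timeout=10) as s:
        before = s.ehlo()[1].decode()
        if not s.has_extn("starttls"):
            return before, ""
        s.starttls(context=ctx)
        return before, s.ehlo()[1].decode()

# Constructed sample replies (not captured from a real server).
SAMPLE_BEFORE = ("250-mail.example.com\n250-SIZE 10240000\n250-STARTTLS\n"
                 "250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN\n250 8BITMIME")
SAMPLE_AFTER = ("250-mail.example.com\n250-SIZE 10240000\n"
                "250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN\n250 8BITMIME")

if __name__ == "__main__":
    for finding in assess(SAMPLE_BEFORE, SAMPLE_AFTER) or ["no findings"]:
        print(finding)
```

Against your own server, run assess(*probe("mail.example.com")) with your host name in place of the placeholder.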
