How To Enable TLS/SSL Encryption In Postfix (smtpd)
The information below was copied from http://yocum.org/faqs/postfix-tls-sasl.html
Verify that the correct libraries have been linked in:
# ldd /usr/libexec/postfix/smtpd
You should see the following:
smtpd:
libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28096000)
libssl.so.3 => /usr/local/lib/libssl.so.3 (0x280aa000)
libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x280db000)
If you see libsasl2, libssl, and libcrypto, congratulations — the server is ready to support SASL and TLS.
Generate an SSL certificate:
# mkdir /etc/postfix/ssl
# cd /etc/postfix/ssl
# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
Enter configuration options for Postfix in /etc/postfix/main.cf:
### SASL Config:
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks
Your settings for the two “restrictions” lines may vary, but note that the SASL entry (permit_sasl_authenticated) must be the first entry in each list.
### TLS Config:
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
To TEST:
Go to your email program and set it to use SSL in addition to AUTH. I use the Apple Mail.app Connection Doctor to instantly see if things are working!
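The same test can be read off the server's EHLO replies. The script below is an added example, not part of the original FAQ: it audits two constructed EHLO replies (one before STARTTLS, one after) against the main.cf settings above. The host name mail.example.com and the function names offers and audit are assumptions made for illustration.

```shell
# Added example: audit captured EHLO replies against the main.cf settings above.
# Both replies are constructed samples; mail.example.com is a placeholder.
# A real post-STARTTLS reply can be captured by typing "EHLO test" into:
#   openssl s_client -starttls smtp -connect mail.example.com:25

PLAIN_REPLY='250-mail.example.com
250-PIPELINING
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME'

TLS_REPLY='250-mail.example.com
250-PIPELINING
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME'

# offers KEYWORD REPLY: succeed if a 250 line of REPLY advertises KEYWORD,
# either alone or followed by a space or "=" (the legacy "AUTH=" form).
offers() {
    printf '%s\n' "$2" | tr -d '\r' | grep -Eiq "^250[- ]$1( |=|\$)"
}

# audit PLAIN TLS: print findings; exit status is the number of failures.
audit() {
    fails=0
    if offers STARTTLS "$1"; then
        echo "ok:   STARTTLS offered (smtpd_use_tls = yes)"
    else
        echo "FAIL: STARTTLS not offered on the plaintext connection"
        fails=$((fails + 1))
    fi
    if offers AUTH "$2"; then
        echo "ok:   AUTH offered inside TLS (smtpd_sasl_auth_enable = yes)"
    else
        echo "FAIL: AUTH not offered inside TLS"
        fails=$((fails + 1))
    fi
    if offers AUTH "$1"; then
        echo "warn: AUTH is also offered before STARTTLS; passwords can be sent"
        echo "      unencrypted unless smtpd_tls_auth_only = yes is set"
    fi
    if printf '%s\n' "$2" | grep -q '^250[- ]AUTH='; then
        echo "note: legacy AUTH= line present (broken_sasl_auth_clients = yes)"
    fi
    return "$fails"
}

audit "$PLAIN_REPLY" "$TLS_REPLY"
```

The warn line reflects the configuration as given: it does not set smtpd_tls_auth_only, so Postfix announces AUTH on unencrypted connections as well.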