Dave's Brain


Date: 2007dec14

Q.  How can I make Postfix use TLS/SSL?

A.  This is a nice thing to enable since it'll
encrypt the mail it exchanges with other SMTP agents that support TLS.
No need to use PGP, etc.

With RedHat/Fedora it's pretty easy.
Make a self-signed certificate like this:

	cd /etc/pki/tls/certs
	make postfix.pem

Add these options to /etc/postfix/main.cf:

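	# smtpd_* settings apply to receiving mail, smtp_* to sending mail.
	# Allow SMTP AUTH on unencrypted connections too
	smtpd_tls_auth_only = no
	# Use TLS for outgoing mail when the remote server offers STARTTLS
	smtp_use_tls = yes
	# Announce STARTTLS to connecting clients
	smtpd_use_tls = yes
	# Log remote servers that offer STARTTLS when TLS is not already enabled for them
	smtp_tls_note_starttls_offer = yes

	# Key and certificate both live in the combined file made above
	smtpd_tls_key_file = /etc/pki/tls/certs/postfix.pem
	smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem

	# Log a summary of each TLS session; record protocol and cipher in Received: headers
	smtpd_tls_loglevel = 1
	smtpd_tls_received_header = yes
	smtpd_tls_session_cache_timeout = 3600s
	tls_random_source = dev:/dev/urandom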

Restart Postfix:

	service postfix restart

Use of TLS will be noted in your mail headers and the Postfix log.
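
One way to see which inbound peers actually negotiated TLS, using the log lines that smtpd_tls_loglevel = 1 produces. This is an added example, not part of the original tip; the function names are hypothetical and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reads Postfix log lines on stdin and prints, per inbound peer:
#   <peer> <connections> <tls_sessions>
# Needs smtpd_tls_loglevel = 1 so that each TLS session logs
# "TLS connection established from host[ip]: ...".
tls_summary() {
    awk '
    /postfix\/smtpd\[[0-9]+\]: connect from / {
        conns[$NF]++                 # the peer is the last field on this line
        next
    }
    /postfix\/smtpd\[[0-9]+\]: .*TLS connection established from / {
        # Newer Postfix puts Anonymous/Trusted/Untrusted before "TLS connection".
        if (match($0, /established from [^ ]+\]: /)) {
            peer = substr($0, RSTART + 17, RLENGTH - 19)
            tls[peer]++
        }
    }
    END {
        for (p in conns) printf "%s %d %d\n", p, conns[p], tls[p]
    }' | sort
}

# Peers with at least one connection that never started TLS.
plaintext_peers() {
    tls_summary | awk '$3 < $2 { print $1 }'
}

# Constructed sample log lines (documentation hostnames and addresses).
sample_log() {
    cat <<'EOF'
Dec 14 10:00:01 mx postfix/smtpd[2101]: connect from mail.example.org[192.0.2.10]
Dec 14 10:00:01 mx postfix/smtpd[2101]: TLS connection established from mail.example.org[192.0.2.10]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Dec 14 10:00:02 mx postfix/smtpd[2101]: disconnect from mail.example.org[192.0.2.10]
Dec 14 10:05:10 mx postfix/smtpd[2107]: connect from relay.example.net[198.51.100.7]
Dec 14 10:05:11 mx postfix/smtpd[2107]: disconnect from relay.example.net[198.51.100.7]
Dec 14 10:09:30 mx postfix/smtpd[2110]: connect from mail.example.org[192.0.2.10]
Dec 14 10:09:30 mx postfix/smtpd[2110]: Anonymous TLS connection established from mail.example.org[192.0.2.10]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
EOF
}

# On a real server, feed the mail log instead: tls_summary < /var/log/maillog
sample_log | tls_summary
```

Peers listed by plaintext_peers delivered mail without STARTTLS, so those messages crossed the network unencrypted even though TLS is enabled on this server.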

Copyright © 2008, dave - Code on Dave's Brain is licensed under the Creative Commons Attribution 2.5 License.