Date: 2007dec14
Q. How can I make Postfix support TLS?
A. This is a nice thing to enable since it'll
encrypt the mail it exchanges with other SMTP agents that support TLS.
No need to use PGP, etc.
With RedHat/Fedora its pretty easy.
Make a self-signed certificate like this:
cd /etc/pki/tls/certs
make postfix.pem
Add these options to /etc/postfix/main.cf:
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Restart Postfix:
service postfix restart
Use of TLS will be noted in your mail headers and the Postfix log.
For example:
Nov 24 16:15:28 www postfix/smtpd[9410]: connect from mail.example.com[1.2.3.3]
Nov 24 16:15:28 www postfix/smtpd[9410]: setting up TLS connection from mail.example.com[1.2.3.4]
Nov 24 16:15:28 www postfix/smtpd[9410]: Anonymous TLS connection established from mail.example.com[1.2.3.4]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
| What this info useful to you? You can donate to say thanks |
Add a comment
Sign in to add a comment