Dave's Brain

Date: 2008jul9

Q.  How can I make Postfix support secure SMTP (SMTPS)?
(This uses SSL and runs on port 465.)

A.  I prefer TLS on port 25 -- there is another article about that.
http://www.davekb.com/search.php?target=postfix+TLS

If you want a way for valid remote users to be able to post from
their mail clients, see this article.
http://www.davekb.com/search.php?target=postfix+submission

If you still want to set up an SMTPS service, read on.

With RedHat/Fedora it's pretty easy.
Make a self-signed certificate like this:

	cd /etc/pki/tls/certs
	make postfix.pem

Add these options to /etc/postfix/main.cf:

	smtpd_tls_auth_only = no
	smtp_use_tls = yes
	smtpd_use_tls = yes
	smtp_tls_note_starttls_offer = yes

	smtpd_tls_key_file = /etc/pki/tls/certs/postfix.pem
	smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem

	smtpd_tls_loglevel = 1
	smtpd_tls_received_header = yes
	smtpd_tls_session_cache_timeout = 3600s
	tls_random_source = dev:/dev/urandom

Uncomment and modify these lines in /etc/postfix/master.cf:

smtps     inet  n       -       n       -       -       smtps
	  -o smtpd_tls_wrappermode=yes
	  -o smtpd_sasl_auth_enable=yes

On the first line above we changed the last field (the program to run) from smtpd to smtps.
This means you get "smtps" in the log, which is useful.
To make that work, create this symbolic link:

	ln -s /usr/libexec/postfix/smtpd /usr/libexec/postfix/smtps

Restart Postfix:

	service postfix restart

Finally, you need to open port 465 in your firewall.
Run system-config-security-level and add smtps:tcp,
or directly edit /etc/sysconfig/iptables.
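
A check of the master.cf entry above, as an added example that is not part of the original article: it joins master.cf continuation lines, reads the `-o` overrides on the smtps service, and reports when wrapper mode is off or the renamed command has no matching program. The sample text is constructed, and the `daemons` parameter (the program names present in /usr/libexec/postfix) is an assumption of this example.

```python
import shlex

# Constructed sample: a stock smtp line plus the smtps entry from the article.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtps
          -o smtpd_tls_wrappermode=yes
          -o smtpd_sasl_auth_enable=yes
"""

def logical_lines(text):
    """Join master.cf continuation lines (lines that start with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def parse_services(text):
    """Return {(service, type): (command, {override: value})}."""
    services = {}
    for line in logical_lines(text):
        f = shlex.split(line)
        if len(f) < 8:
            continue  # not a complete service entry
        overrides = dict(v.split("=", 1) for k, v in zip(f[8:], f[9:])
                         if k == "-o" and "=" in v)
        services[(f[0], f[1])] = (f[7], overrides)
    return services

def check_smtps(text, daemons=("smtpd", "smtps")):
    """Return problems with the smtps/inet entry; an empty list means none found."""
    entry = parse_services(text).get(("smtps", "inet"))
    if entry is None:
        return ["no smtps/inet entry (still commented out?)"]
    command, overrides = entry
    problems = []
    if overrides.get("smtpd_tls_wrappermode") != "yes":
        problems.append("smtpd_tls_wrappermode is not yes: no TLS wrapping on 465")
    if overrides.get("smtpd_sasl_auth_enable") != "yes":
        problems.append("smtpd_sasl_auth_enable is not yes")
    if command not in daemons:
        problems.append("command %r missing from daemon directory (symlink?)" % command)
    return problems
```

To use it on a real system, pass the contents of /etc/postfix/master.cf as `text` and the file names found in /usr/libexec/postfix as `daemons`.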
Copyright © 2008-2012, dave - Code samples on Dave's Brain are licensed under the Creative Commons Attribution 2.5 License. However, other material, including English text, has all rights reserved.