Difference between revisions of "TLS configuration for postfix"
From Notes_Wiki
Revision as of 12:17, 19 December 2014
TLS configuration for postfix
- mkdir -p /etc/postfix/ssl
- Generate a self-signed certificate using (run from /etc/postfix/ssl, so that postfix.pem ends up at the path configured below):
  - openssl req -new -x509 -days 999 -nodes -out postfix.pem -keyout postfix.pem
  - chown postfix:postfix postfix.pem
  - chmod 400 postfix.pem
- Add the following lines to /etc/postfix/main.cf:
  - smtpd_tls_cert_file = /etc/postfix/ssl/postfix.pem
  - smtpd_tls_key_file = $smtpd_tls_cert_file
  - smtpd_tls_security_level = may
- service postfix restart
Note that if SMTP auth is enabled, then disabling plaintext auth over non-encrypted channels using:
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
is causing postfix to not work. Hence we depend on the user to prefer TLS over an unencrypted channel for plaintext authentication.
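An added example, not part of the original notes: with smtpd_tls_security_level = may, whether a client can still send plaintext credentials without TLS shows in the server's EHLO reply before STARTTLS. The function below classifies such a reply; the name check_ehlo, the verdict words and the sample reply are constructed for illustration.

```shell
#!/bin/sh
# Classify a pre-STARTTLS EHLO reply from an SMTP server.
# Input: SMTP 250 reply lines ("250-KEYWORD args" or "250 KEYWORD args").

# Constructed sample (hostname is a placeholder): a reply from a server that
# offers opportunistic TLS and has SASL authentication enabled.
SAMPLE_EHLO='250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME'

# check_ehlo: reads an EHLO reply on stdin and prints one verdict word:
#   no-starttls     STARTTLS is not offered at all
#   cleartext-auth  PLAIN or LOGIN is offered before STARTTLS
#   ok              STARTTLS is offered and no PLAIN/LOGIN before TLS
check_ehlo() {
    tr -d '\r' | awk '
        /^250[- ]/ {
            # Drop the "250-" / "250 " prefix; keywords are case-insensitive.
            line = toupper(substr($0, 5))
            # Split on spaces and "=" so the legacy "AUTH=PLAIN LOGIN" form
            # is handled the same way as "AUTH PLAIN LOGIN".
            n = split(line, f, /[ =]+/)
            if (f[1] == "STARTTLS") tls = 1
            if (f[1] == "AUTH")
                for (i = 2; i <= n; i++)
                    if (f[i] == "PLAIN" || f[i] == "LOGIN") plain = 1
        }
        END {
            if (!tls) print "no-starttls"
            else if (plain) print "cleartext-auth"
            else print "ok"
        }'
}

# Run against the constructed sample above.
printf '%s\n' "$SAMPLE_EHLO" | check_ehlo
```

A cleartext-auth verdict is the situation described in the note above, where protection of the password depends on the client choosing TLS. The TLS_README cited below also documents smtpd_tls_auth_only, which controls whether AUTH is offered before STARTTLS.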
Steps learned from http://www.postfix.org/TLS_README.html