Revision as of 12:17, 19 December 2014

<yambe:breadcrumb>Postfix_server_configuration|Postfix server configuration</yambe:breadcrumb>

TLS configuration for postfix

Generate self-signed certificate using:

openssl req -new -x509 -days 999 -nodes -out postfix.pem -keyout postfix.pem

Add following lines to /etc/postfix/main.cf

smtpd_tls_cert_file = /etc/postfix/ssl/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may

Note that if smtp auth is enabled, then disabling plaintext auth over nonencrypted channels using:

      smtpd_sasl_security_options = noanonymous, noplaintext
      smtpd_sasl_tls_security_options = noanonymous

is causing postfix to not work. Hence we depend on user to prefer TLS over unecrypted channel for plaintext authentication.

@@ Line 15: / Line 15: @@
 #::      smtpd_tls_security_level = may
 #:</pre>
+# service postfix restart
 Note that if smtp auth is enabled, then disabling plaintext auth over nonencrypted channels using:
@@ Line 21: / Line 22: @@
        smtpd_sasl_tls_security_options = noanonymous
 </pre>
-is causing postfix to not work.  Hence we depend on user to prefer TLS over unecrypted channel for plaintext authentication.
+is '''causing postfix to not work.'''  Hence we depend on user to prefer TLS over unecrypted channel for plaintext authentication.
 Steps learned from http://www.postfix.org/TLS_README.html