Postfix TLS

1.   Introduction
1.1   Configure Postfix main.cf file

Introduction

Requires that a server certificate signed by CACert.org has already been aquired.

• GetServerCertificateFromCACert

Configure Postfix main.cf file

Add this configuration to '/etc/postfix/main.cf' if that's where your main.cf is.

 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
 smtp_tls_cert_file = /etc/ssl/private/flexion_certificate.pem
 smtp_tls_key_file = /etc/ssl/private/flexion_privatekey.pem
 smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
 smtp_use_tls = yes
 
 smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
 smtpd_tls_cert_file = /etc/ssl/private/flexion_certificate.pem
 smtpd_tls_key_file = /etc/ssl/private/flexion_privatekey.pem
 smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
 smtpd_use_tls = yes
 
 smtpd_tls_received_header = yes
 smtpd_tls_loglevel = 1
 smtpd_tls_auth_only = no
 tls_random_source = dev:/dev/urandom

• The 'smtpd_tls_auth_only' line allows authentication to all clients, not just those using TLS
• I have found this to be necessary for some users/email clients.

References

• http://www.cyberciti.biz/tips/postfix-smtp-ssl-certificate-csr-installation-guide.html
• http://www.iki.fi/petri.koistinen/postfix/postfix-tls-cacert.shtml
• http://homepage.mac.com/pauljlucas/personal/macmini/certs.html
• https://www.cacert.org/help.php?id=6
• http://wiki.cacert.org/wiki/CSR
• http://wiki.cacert.org/wiki/SubmitCsr
• http://wiki.cacert.org/wiki/CSRGenerator
• http://wiki.cacert.org/wiki/PostfixConfiguration

$Id: PostfixTLS,v 1.26 2008/01/06 09:34:21 martin Exp $