Professional Documents
Culture Documents
1 of 6
http://wiki.lenux.org/configure-postfix-with-tls/
Start
Tutorials
Configuration
In order to use TLS, the Postfix SMTP server needs a
Categories
Apache (5)
Cluster (10)
FTP (1)
smtpd_tls_cert_file = /etc/postfix/ssl/server-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/server-key.pem
#smtpd_tls_CAfile = /etc/postfix/ssl/CAcert.pem
10/5/2016 11:38 AM
2 of 6
smtpd
vi /etc/postfix/main.cf
http://wiki.lenux.org/configure-postfix-with-tls/
OSCam (15)
Postfix (5)
Security (4)
(2)
Syslog (1)
System (10)
vi /etc/postfix/main.cf
10/5/2016 11:38 AM
3 of 6
http://wiki.lenux.org/configure-postfix-with-tls/
submission inet n
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated
smtpd_tls_security_level=encrypt
smtpd_sasl_auth_enable=yes
Test
Check TLS support
10/5/2016 11:38 AM
4 of 6
http://wiki.lenux.org/configure-postfix-with-tls/
to gmail-smtp-in.l.google.com[74.125.136.27]:25: TLSv1.2
with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
bits)
5 of 6
http://wiki.lenux.org/configure-postfix-with-tls/
define a hash table with recipients that you want to force the
TLS connection:
vi /etc/postfix/main.cf
vi /etc/postfix/tls_client_policy
must-be-tls.com
encrypt
must-be-tls-but-it-cant.com
encrypt
postmap /etc/postfix/tls_client_policy
10/5/2016 11:38 AM
6 of 6
http://wiki.lenux.org/configure-postfix-with-tls/
vi /etc/postfix/tls_server_policy
sender-must-be-tls.com
reject_plaintext_session
sender-must-be-tls-but-it-cant.com
reject_plaintext_session
AWStats
10/5/2016 11:38 AM