Mail Server - Secure connection - Configuring Postfix

Now we've created our self-signed certificate, we can go ahead and configure Postfix to use it.



As with the previous Postfix configuration we need to edit the file:

sudo nano /etc/postfix/

TLS parameters

Halfway down the file you will see the section headed 'TLS parameters' with the following default entries:

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

It may be easier to simply delete the existing default entries as shown above.

We will be replacing them with the following entries:

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/ssl/certs/mailcert.pem
smtpd_tls_key_file = $smtpd_tls_cert_file

Take a look at what we have done - all we are doing is enabling secure connections, what connections we will accept and, lastly, we define where the self-signed certificate is located.

PEM file (or lack thereof)

If you purchased a certificate or create a self-signed one using a different technique, you may find you don't actually have a 'pem' file but instead have two files.

One will be end with 'cert', the other will end with 'key'.

If that is the case you would change the final two lines shown above to something like this:

smtpd_tls_cert_file = /etc/ssl/cert/mailcert.cert
smtpd_tls_key_file = /etc/ssl/private/mailcert.key

Of course, you would replace the path and name of the two files with your own but all you need to do is define the locations of both files.


Configuring Postfix to use our self-signed or purchased certificates allows us to have a secure connection when connecting to the mail server.

Now we can concentrate on installing Courier so we have POP and IMAP access to the mail server.

Previous Article
Next Article

© 2015 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

See license specifics and DISCLAIMER