This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Support for Email Server TLS encryption on Sentora?
#5
RE: Support for Email Server TLS encryption on Sentora?
Thank you Me.B. Yeah, actually I just noticed it on gmail yesterday. It seems Google just launched this feature sometime this week. So maybe you haven't received an email from a server not using TLS.

Anyway, I gave it a bit more searching and I came across this site:

http://xmodulo.com/secure-mail-server-us...ption.html

I just followed the instructions under the "Enable TLS Encryption for Postfix". It was actually quite simple. Just created a self cert, modified the main.cf file and then restarting postfix. Just tested my server to send an outbound email to my gmail account and no more padlock. Looks like emails are now being encrypted.

Well, anyway, in case anyone finds this thread while searching Google, they will know how to fix it. I will copy and paste the instructions below. If there is anything incorrect in there, let me know so I can fix what I did to my server.

Thanks!


Enable TLS Encryption for Postfix
A self-signed certificate can be created with the following command.

# openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/postfixcert.pem -keyout /etc/ssl/private/postfixkey.pem
The above command requests a new certificate which is of type X.509, and remains valid for 365 days. The optional -nodes parameter specifies that the private key should not be encrypted. An output certificate file is saved as postfixcert.pem, and an output key file as postfixkey.pem .

All necessary values for the certificate can be given:

Code:
Country Name (2 letter code) [AU]:BD
State or Province Name (full name) [Some-State]:Dhaka
Locality Name (eg, city) []:Dhaka
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:Example.tst
Common Name (e.g. server FQDN or YOUR name) []:mail.example.tst
Email Address []:sarmed@example.tst
Now that the certificate is ready, necessary parameters are adjusted in postfix configuration file.

root@mail:~# vim /etc/postfix/main.cf
### STARTTLS is enabled ###
smtpd_tls_security_level = may

smtpd_tls_received_header = yes
smtpd_tls_auth_only = yes

### loglevel 3 should be used while troubleshooting ###
smtpd_tls_loglevel = 1

### path to certificate and key file
smtpd_tls_cert_file = /etc/ssl/certs/postfixcert.pem
smtpd_tls_key_file = /etc/ssl/private/postfixkey.pem
smtpd_use_tls=yes
Restart postfix to enable TLS.

root@mail:~# service postfix restart
At this point, postfix is ready to encrypt data to and from the server. More details about Postfix TLS support can be found in their official README.
Reply
Thanks given by: warmax356 , surety


Messages In This Thread
RE: Support for Email Server TLS encryption on Sentora? - by americanninja - 02-15-2016, 10:19 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
Email has suddenly stopped coming through rsthomas 4 6 ,057 10-12-2022, 09:29 PM
Last Post: rsthomas
External mail client cannot connect to server iraqiboy90 2 7 ,017 02-28-2021, 11:34 AM
Last Post: iraqiboy90
can not send email - SMTP error on roundcube wolvepy 9 31 ,758 01-03-2020, 08:37 AM
Last Post: Telepuzik

Forum Jump:


Users browsing this thread: 10 Guest(s)