RE: Support for Email Server TLS encryption on Sentora?
02-15-2016, 10:19 PM
(This post was last modified: 05-08-2016, 02:44 AM by americanninja.)
Thank you Me.B. Yeah, actually I just noticed it on gmail yesterday. It seems Google just launched this feature sometime this week. So maybe you haven't received an email from a server not using TLS.
Anyway, I gave it a bit more searching and I came across this site:
http://xmodulo.com/secure-mail-server-us...ption.html
I just followed the instructions under the "Enable TLS Encryption for Postfix". It was actually quite simple. Just created a self cert, modified the main.cf file and then restarted postfix. Just tested my server to send an outbound email to my gmail account and no more padlock. Looks like emails are now being encrypted.
Well, anyway, in case anyone finds this thread while searching Google, they will know how to fix it. I will copy and paste the instructions below. If there is anything incorrect in there, let me know so I can fix what I did to my server.
Thanks!
Enable TLS Encryption for Postfix
A self-signed certificate can be created with the following command.
# openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/postfixcert.pem -keyout /etc/ssl/private/postfixkey.pem
The above command requests a new certificate which is of type X.509, and remains valid for 365 days. The optional -nodes parameter specifies that the private key should not be encrypted. An output certificate file is saved as postfixcert.pem, and an output key file as postfixkey.pem.
All necessary values for the certificate can be given:
Code:
Country Name (2 letter code) [AU]:BD
State or Province Name (full name) [Some-State]:Dhaka
Locality Name (eg, city) []:Dhaka
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:Example.tst
Common Name (e.g. server FQDN or YOUR name) []:mail.example.tst
Email Address []:sarmed@example.tst
Now that the certificate is ready, necessary parameters are adjusted in postfix configuration file.
root@mail:~# vim /etc/postfix/main.cf
### STARTTLS is enabled ###
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_auth_only = yes
### loglevel 3 should be used while troubleshooting ###
smtpd_tls_loglevel = 1
### path to certificate and key file
smtpd_tls_cert_file = /etc/ssl/certs/postfixcert.pem
smtpd_tls_key_file = /etc/ssl/private/postfixkey.pem
smtpd_use_tls=yes
Restart postfix to enable TLS.
root@mail:~# service postfix restart
At this point, postfix is ready to encrypt data to and from the server. More details about Postfix TLS support can be found in their official README.
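A way to audit a main.cf like the one quoted above, as an added example that is not part of the original post or the linked article. It reads the inbound level (smtpd_* parameters, the Postfix SMTP server) and the outbound level (smtp_* parameters, the Postfix SMTP client) separately, and checks the permissions on the unencrypted key; the function names get_param and audit_main_cf are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit TLS settings in a Postfix main.cf.

# get_param FILE NAME: print the value of NAME (the last assignment in the file wins).
get_param() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        /^[ \t]/ {                              # leading whitespace continues the previous line
            if (name == want) { sub(/^[ \t]+/, ""); val = val " " $0 }
            next
        }
        {
            eq = index($0, "="); if (eq == 0) { name = ""; next }
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name == want) { val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        }
        END { print val }' "$1"
}

# audit_main_cf FILE: print one OK/WARN/FAIL line per check.
audit_main_cf() {
    in_level=$(get_param "$1" smtpd_tls_security_level)
    out_level=$(get_param "$1" smtp_tls_security_level)
    key=$(get_param "$1" smtpd_tls_key_file)
    # Inbound: smtpd_* parameters configure the Postfix SMTP server.
    case $in_level in
        may|encrypt) echo "OK inbound STARTTLS level=$in_level" ;;
        "") echo "WARN inbound smtpd_tls_security_level not set in this file" ;;
        *) echo "FAIL inbound TLS level=$in_level" ;;
    esac
    # Outbound: smtp_* parameters configure the Postfix SMTP client.
    case $out_level in
        "") echo "WARN outbound smtp_tls_security_level not set in this file" ;;
        none) echo "FAIL outbound TLS disabled" ;;
        *) echo "OK outbound TLS level=$out_level" ;;
    esac
    # A key created with -nodes is unencrypted, so file permissions are its only protection.
    if [ -f "$key" ]; then
        mode=$(ls -ld "$key" | cut -c5-10)      # group and other permission bits
        if [ "$mode" = "------" ]; then echo "OK key not accessible to group/other"
        else echo "WARN key accessible beyond owner ($mode)"; fi
    else
        echo "WARN key file not found: ${key:-unset}"
    fi
}

# Audit the file given as the first argument, if any.
if [ $# -ge 1 ]; then audit_main_cf "$1"; fi
```

Run it with the path to main.cf as the only argument; a WARN on the outbound line means the file sets no TLS level for mail the server sends.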