Ubuntu: How to setup TLS on postfix and dovecot
07-24-2014, 08:50 AM
(This post was last modified: 02-05-2015, 08:36 PM by Diablo925.)
NOTICE: This is an old guide, but may still work. You can skip to Step 3 and use your panel certificates.
Update the certificate paths to point to your panel certificates:
Example: /var/sentora/hostdata/zadmin/ssl/sencrypt/letsencrypt/panel.domain.com/
How to setup TLS on Postfix and dovecot
1: first make a folder in postfix call ssl
2: Run openssl and follow the screen
And
3: Configure Postfix
4: find # tls config and add
remove any things else under # tls config
and save and close
5: edit master.cf
add after " smtp inet n - n - - smtpd "
6: configure Dovecot
and change
and save and close
7: now we need to restart postfix and dovecot
now you can use TLS
Update the certificate paths to point to your panel certificates:
Example: /var/sentora/hostdata/zadmin/ssl/sencrypt/letsencrypt/panel.domain.com/
How to setup TLS on Postfix and dovecot
1: first make a folder in postfix call ssl
Code:
mkdir /etc/postfix/ssl
2: Run openssl and follow the screen
Code:
openssl req -new -x509 -days 365 -nodes -out /etc/postfix/ssl/mail.domain.tld.crt -keyout /etc/postfix/ssl/mail.domain.tld.key
Code:
openssl req -new -x509 -extensions v3_ca -keyout /etc/postfix/ssl/cakey.pem -out /etc/postfix/ssl/cacert.pem -days 3650
Code:
Country Name (2 letter code) [AU]:DK
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:City name
Organization Name (eg, company) [Internet Widgits Pty Ltd]:company
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:mail.domain.tld
Email Address []:e-mail
3: Configure Postfix
Code:
nano /etc/postfix/main.cf
4: find # tls config and add
Code:
# tls config
smtp_use_tls = no
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/postfix/ssl/mail.domain.tld.key
smtpd_tls_cert_file = /etc/postfix/ssl/mail.domain.tld.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
and save and close
5: edit master.cf
Code:
nano /etc/postfix/master.cf
add after " smtp inet n - n - - smtpd "
Code:
submission inet n - n - - smtpd
6: configure Dovecot
Code:
nano /etc/dovecot/dovecot.conf
and change
Code:
ssl = no to ssl = yes
add
ssl_cert = </etc/postfix/ssl/mail.domain.tld.crt
ssl_key = </etc/postfix/ssl/mail.domain.tld.key
ssl_ca = </etc/postfix/ssl/cacert.pem
7: now we need to restart postfix and dovecot
Code:
service postfix restart
service dovecot restart
now you can use TLS