This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Ubuntu: How to setup TLS on postfix and dovecot
#1
Ubuntu: How to setup TLS on postfix and dovecot
NOTICE: This is an old guide, but may still work. You can skip to Step 3 and use your panel certificates.
Update the certificate paths to point to your panel certificates:
Example: /var/sentora/hostdata/zadmin/ssl/sencrypt/letsencrypt/panel.domain.com/

How to setup TLS on Postfix and dovecot

1: first make a folder in postfix call ssl
Code:
mkdir /etc/postfix/ssl

2: Run openssl and follow the screen
Code:
openssl req -new -x509 -days 365 -nodes -out /etc/postfix/ssl/mail.domain.tld.crt -keyout /etc/postfix/ssl/mail.domain.tld.key
And
Code:
openssl req -new -x509 -extensions v3_ca -keyout /etc/postfix/ssl/cakey.pem -out /etc/postfix/ssl/cacert.pem -days 3650

Code:
Country Name (2 letter code) [AU]:DK
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:City name
Organization Name (eg, company) [Internet Widgits Pty Ltd]:company
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:mail.domain.tld
Email Address []:e-mail

3: Configure Postfix

Code:
nano /etc/postfix/main.cf

4: find # tls config and add
Code:
# tls config


smtp_use_tls = no
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/postfix/ssl/mail.domain.tld.key
smtpd_tls_cert_file = /etc/postfix/ssl/mail.domain.tld.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
remove any things else under # tls config
and save and close

5: edit master.cf

Code:
nano /etc/postfix/master.cf

add after " smtp      inet  n       -       n       -       -       smtpd "
Code:
  
 submission   inet  n       -       n       -       -       smtpd

6: configure Dovecot

Code:
nano /etc/dovecot/dovecot.conf

and change

Code:
ssl = no to ssl = yes
add
ssl_cert = </etc/postfix/ssl/mail.domain.tld.crt
ssl_key = </etc/postfix/ssl/mail.domain.tld.key
ssl_ca = </etc/postfix/ssl/cacert.pem
and save and close

7: now we need to restart postfix and dovecot

Code:
service postfix restart
service dovecot restart

now you can use TLS

[Image: KLnN9f9.png]
Sentora 1.0.3 on [Image: DO_Logo_Horizontal_Blue-3db19536.png]

-= Github =-  -= My Repo =-

My Modules
Reply
Thanks given by:
#2
RE: Ubuntu: How to setup TLS on postfix and dovecot
Made an update so now Works on ubuntu 14.04
Sentora 1.0.3 on [Image: DO_Logo_Horizontal_Blue-3db19536.png]

-= Github =-  -= My Repo =-

My Modules
Reply
Thanks given by:
#3
RE: Ubuntu: How to setup TLS on postfix and dovecot
(07-24-2014, 08:50 AM)Diablo925 Wrote: How to setup TLS on Postfix and dovecot
[...]

but this guide is for a single domain? ... And for others?
or "domain.tld" should be replaced with, in my case, vpsXXXXX.ovh.net?
Reply
Thanks given by:
#4
RE: Ubuntu: How to setup TLS on postfix and dovecot
Yes it is 1 domain
Sentora 1.0.3 on [Image: DO_Logo_Horizontal_Blue-3db19536.png]

-= Github =-  -= My Repo =-

My Modules
Reply
Thanks given by:
#5
RE: Ubuntu: How to setup TLS on postfix and dovecot
You will setup TLS on main server MX reverse, you can't setup an SSL for every domain!

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask

200$ free to start your VPS 60 days credit
Reply
Thanks given by:
#6
RE: Ubuntu: How to setup TLS on postfix and dovecot
I have a vps with multiple domains, how should I do?
Reply
Thanks given by:
#7
RE: Ubuntu: How to setup TLS on postfix and dovecot
you setup only TLS on main domain used for reverse! and you point to it using MX instead of each having another MX.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask

200$ free to start your VPS 60 days credit
Reply
Thanks given by:
#8
RE: Ubuntu: How to setup TLS on postfix and dovecot
The mails from my server are send from the Hostname of the server (hostname.domain.tld) and the MX record point to mail.domain.tld.

I pointed the PTR to mail.domain.tld but now changed it to hostname.domain.tld because first I thought the mails are send from mail.domain.tld.

Now where should I setup the TLS to? mail.domain.tld (Which is pointed by the MX record) or hostname.domain.tld (Which is the sender of the emails)?

Thank you
Reply
Thanks given by:
#9
RE: Ubuntu: How to setup TLS on postfix and dovecot
I have my TLS setup on the mx.domain.tld
Use this test to check if your TLS ison the right domain:
http://checktls.com/perl/TestReceiver.pl

You should see something simlar to this:
Cert VALIDATED: ok
Cert Hostname VERIFIED (mail.domain.tld = mail.domain.tld)
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by:
#10
RE: Ubuntu: How to setup TLS on postfix and dovecot
(04-25-2015, 06:18 PM)apinto Wrote: I have my TLS setup on the mx.domain.tld
Use this test to check if your TLS ison the right domain:
http://checktls.com/perl/TestReceiver.pl

You should see something simlar to this:
Cert VALIDATED: ok
Cert Hostname VERIFIED (mail.domain.tld = mail.domain.tld)

Thank you! That worked. I got my TLS setup on mail.domain.tld too Big Grin
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Proper CRON setup TGates 9 36 ,595 05-15-2018, 01:07 AM
Last Post: johnk42

Forum Jump:


Users browsing this thread: 2 Guest(s)