Example of postfix configuration with SSL encryption enabled¶
To configure email delivery with SSL encryption you need to make the following changes in the postfix configuration files:
/etc/postfix/main.cf
- file should contain the following entries in addition to standard (unchecked entries):mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = example.com
relayhost = [smtp.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /root/certs/cacert.cer
smtp_use_tls = yes
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_tls_security_options = noanonymous
canonical_maps = hash:/etc/postfix/canonical
smtp_generic_maps = hash:/etc/postfix/generic
smtpd_recipient_restrictions = permit_sasl_authenticated
/etc/postfix/sasl/passwd
- file should define the data for authorized*`[smtp.example.com\]:587 [[USER@example.com:PASS]](mailto:USER@example.com:PASS)`*
You need to give appropriate permissions:
*`chmod 400 /etc/postfix/sasl_passwd`*
and map configuration to database:
*`postmap /etc/postfix/sasl_passwd`*
next you need to generate a ca cert file:
*`cat /etc/ssl/certs/Example\_Server\_CA.pem | tee -a etc/postfix/cacert.pem`*
And finally, you need to restart postfix
*`/etc/init.d/postfix restart`*