tls howto add to postfix
Many thanks for your post. If I only need TLS and not SMTP-AUTH, would it be OK to just install postfix-tls? What other packages do I need, and from which line of the howto should I follow, please?
hotchili
I haven't tried without SMTP-AUTH yet. I think you should use SMTP-AUTH, or you will have an open relay for spammers...
postfix/TLS
Here is what my main.cf looks like now:

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/lib/postfix
    inet_interfaces = all
    mail_owner = postfix
    mailbox_command = /usr/bin/procmail
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/man
    mydestination = $myhostname, localhost.$mydomain, $mydomain
    myhostname = xstation.abcd.net
    mynetworks = 192.168.1.0/24, 127.0.0.0/8
    mynetworks_style = host
    myorigin = /etc/mailname
    newaliases_path = /usr/bin/newaliases
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    unknown_local_recipient_reject_code = 550

What I want the TLS to look something like is this:

    # TLS configuration
    smtpd_use_tls = yes
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_auth_only = yes
    smtpd_tls_key_file = /etc/postfix/tls/xstation_mail_req.pem
    smtpd_tls_cert_file = /etc/postfix/tls/xstation_mail_cert.pem
    smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
It's all described on the page I posted:
Code:

    mkdir /etc/postfix/ssl
    cd /etc/postfix/ssl/
    openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
    chmod 600 smtpd.key
    openssl req -new -key smtpd.key -out smtpd.csr
    openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
    openssl rsa -in smtpd.key -out smtpd.key.unencrypted
    mv -f smtpd.key.unencrypted smtpd.key
    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
    postconf -e 'smtpd_tls_auth_only = no'
    postconf -e 'smtp_use_tls = yes'
    postconf -e 'smtpd_use_tls = yes'
    postconf -e 'smtp_tls_note_starttls_offer = yes'
    postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
    postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
    postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
    postconf -e 'smtpd_tls_loglevel = 1'
    postconf -e 'smtpd_tls_received_header = yes'
    postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    postconf -e 'tls_random_source = dev:/dev/urandom'
    postconf -e 'myhostname = server1.example.com'
Postfix /tls
Thanks for your reply. Now that I have installed postfix already and want to go ahead with your howto, what should I do: uninstall postfix or just install the missing packages?
hc
Postfix /tls
If I want to specify the cipher DHE-RSA-AES256-SHA, what would the command line look like? Thanks,
HC
tls/postfix
Thanks for your reply. Something like this; see foot of page for ciphers: http://www.noreply.org/tls/cert-mail2.frell.eu.org.txt
tls/postfix
OK, I am set to start; just a few things to clear up first.
a: In post 11 of this thread you said to install the missing packages. This has been done, but when installing postfix-tls the printout was: ---Note, selecting postfix instead of postfix-tls postfix is already the newest version.------
b: In post 8 of this thread you showed a printout (--code ---etc). Is this where in the howto I should begin, bearing in mind I have postfix already configured (see post 7 of this thread)?
hc
c:
Because you already installed it when you did the Postfix configuration. Begin here: http://www.howtoforge.com/perfect_setup_ubuntu_5.10_p3 and leave out the Postfix configuration.
tls/postfix
Thanks for your post. Please can you highlight the part of the howto which should not be used.
hc
Do not use the part you already did (the Postfix configuration). However, it doesn't cause problems if you do it again, so if you're in doubt, do the whole setup...
postfix/tls
Thanks for your post, Falko. Since postfix is configured I will start here: http://www.howtoforge.com/perfect_setup_ubuntu_5.10_p4 as suggested in post 4 of this thread, with the line:

    postconf -e 'smtpd_sasl_local_domain ='

-----------------------------------------------------------
In the line

    postconf -e 'smtpd_tls_auth_only = no'

I will answer yes to this, as this is a personal preference.
Hc
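
Added example, not part of the thread or the howto it links to: a shell check of the main.cf settings and key-file handling discussed in the posts above (smtpd_use_tls, smtpd_tls_auth_only, the chmod 600 step and the openssl rsa step that removes the passphrase). The function names get_param, audit_tls and demo and the sample files are assumptions constructed for illustration.

```shell
# Added example, not from the thread or the howto. Names and sample data are constructed.
# get_param FILE NAME: last value of NAME in a main.cf-style file (continuation lines joined).
get_param() {
    awk -v name="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == name) { sub(/^[ \t]+/, ""); val = val " " $0 }; next }
        { i = index($0, "="); if (i == 0) { cur = ""; next }
          cur = substr($0, 1, i - 1); gsub(/[ \t]/, "", cur)
          if (cur == name) { val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) } }
        END { print val }' "$1"
}

# audit_tls FILE: print one WARN line per finding; return 1 if there was any.
audit_tls() {
    cf=$1 rc=0
    warn() { echo "WARN $1"; rc=1; }
    [ "$(get_param "$cf" smtpd_use_tls)" = yes ] ||
        warn "smtpd_use_tls: STARTTLS is not offered to clients"
    [ "$(get_param "$cf" smtpd_tls_auth_only)" = yes ] ||
        warn "smtpd_tls_auth_only: SASL AUTH is not restricted to TLS sessions"
    key=$(get_param "$cf" smtpd_tls_key_file)
    if [ ! -f "$key" ]; then
        warn "smtpd_tls_key_file: '$key' not found"
    else
        # chmod 600 step: no group/other permission bits may be set
        [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
            warn "smtpd_tls_key_file: group/other permission bits are set"
        # 'openssl rsa' step: Postfix needs a key without a passphrase
        if grep -q ENCRYPTED "$key"; then warn "smtpd_tls_key_file: key is passphrase-protected"; fi
    fi
    return $rc
}

# Constructed sample: AUTH allowed without TLS, key world-readable and still encrypted.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$d/smtpd.key"
    chmod 644 "$d/smtpd.key"
    cat > "$d/main.cf" <<EOF
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_key_file = $d/smtpd.key
EOF
    st=0; audit_tls "$d/main.cf" || st=1
    rm -rf "$d"
    return $st
}
demo || true
```

To check a live system, run `audit_tls /etc/postfix/main.cf` as a user that can read the key file.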