How do I enable TLS on a Postfix mail server
One of our clients complained that they are getting a warning on the emails sent to the Gmail.com domain. They send email over SMTP port 25 using an SQL-based mail server. Because the messages are sent unencrypted, anybody on the network in between can tap the email content.
So my plan is to enable the TLS handshake on my Postfix SMTP server.
The screenshot above tells me that our mail is not encrypted when communicating with the outside. So we need to tweak some Postfix settings in order to enable TLS encryption. Edit the file "/etc/postfix/main.cf" and add the following lines at the bottom. Please note that I'm using a valid SSL certificate for the TLS handshake. You can also create a self-signed certificate for this purpose; there is no need to buy an SSL certificate.
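# logging (smtpd_ covers the inbound server side; smtp_tls_loglevel is the outbound counterpart)
smtpd_tls_loglevel = 1
# Allow use of TLS but make it optional
# (Postfix 2.3 and later: smtp_tls_security_level = may is the preferred equivalent)
smtp_use_tls = yes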
# Disable SSLv2/3 as they are vulnerable
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
# Insist on stronger ciphers
smtpd_tls_ciphers = high
smtp_tls_ciphers = high
# keys
smtp_tls_cert_file = /etc/httpd/ssl/private/postfix.crt
smtp_tls_key_file = /etc/httpd/ssl/private/postfix.key
Next, restart the Postfix server and test it.
Now you should be able to send email over a TLS-encrypted connection.
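As a check before the restart, the script below audits the settings discussed above. It is an added example, not part of the original post: the function names pf_get and audit_postfix_tls are made up for illustration, the sample config is constructed, and treating an unset protocol list as acceptable (the installed version's default applies) is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): audit the TLS settings discussed
# above. Input is "name = value" text: a main.cf without continuation lines,
# or saved `postconf -n` output.

pf_get() {  # pf_get FILE PARAM -> effective value (last assignment wins)
    awk -v p="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (!i) next
          k = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == p) val = v }
        END { print val }' "$1"
}

audit_postfix_tls() {  # audit_postfix_tls FILE -> exit status 0 if no FAIL
    f=$1; rc=0
    level=$(pf_get "$f" smtp_tls_security_level)
    # smtp_use_tls = yes is the obsolete spelling of level "may".
    [ -z "$level" ] && [ "$(pf_get "$f" smtp_use_tls)" = yes ] && level=may
    case "$level" in
        may|encrypt|dane|dane-only|fingerprint|verify|secure)
            echo "OK   outbound TLS level: $level" ;;
        *)  echo "FAIL outbound mail is sent without TLS"; rc=1 ;;
    esac
    for p in smtp_tls_protocols smtpd_tls_protocols; do
        v=$(pf_get "$f" "$p")
        for proto in SSLv2 SSLv3; do
            case "$v" in
                ""|">=TLSv1"*|*"!$proto"*) ;;  # unset: version default applies
                *) echo "FAIL $p still allows $proto"; rc=1 ;;
            esac
        done
    done
    for p in smtp_tls_ciphers smtpd_tls_ciphers; do
        [ "$(pf_get "$f" "$p")" = high ] || echo "WARN $p is not 'high'"
    done
    return $rc
}

# Constructed sample: the TLS settings from this post, run through the audit.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtp_use_tls=yes
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_ciphers = high
smtp_tls_ciphers = high
EOF
audit_postfix_tls "$sample"; rm -f "$sample"
```

On a live host, save the output of postconf -n to a file and pass that file to audit_postfix_tls.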