{"id":3014,"date":"2018-03-18T19:21:04","date_gmt":"2018-03-18T15:51:04","guid":{"rendered":"http:\/\/www.serveridol.com\/?p=3035"},"modified":"2018-03-18T19:21:04","modified_gmt":"2018-03-18T15:51:04","slug":"how-do-i-enable-tls-on-postfix-mail-server","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/how-do-i-enable-tls-on-postfix-mail-server\/","title":{"rendered":"How do I enable TLS on postfix mail server"},"content":{"rendered":"

One of the clients complaints me that they are getting warning on the email those sent to Gmail.com domain. They are using 25 smtp port to send email using sql based mail server. So anybody in between the network can tap the email content since it been send through non-encrypted emails.<\/p>\n

So my plan is to enable tls handshake on my Postfix smtp server.<\/p>\n

The above screenshot says me that our mails are non-encrypted while communicating with outside. So we need to tweak some postfix setting in order to enable tls encryption. Edit the file \u201c\/etc\/postfix\/main.cf\u201d file and add the lines at the bottom. Pls note that I\u2019m using a valid ssl certificate for tls handshaking. You can also create self signed certificate for this purpose. No need to buy SSL for this.<\/p>\n

\n
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \/etc\/httpd\/ssl\/private\/postfix.key -out \/etc\/httpd\/ssl\/private\/postfix.crt<\/div>\n<\/div>\n
\n
############### Enabling tls on postfix ###############
\n# logging
\nsmtpd_tls_loglevel = 1
\n# Allow use of TLS but make it optional
\nsmtp_use_tls=yes
\n# Disable SSLv2\/3 as they are vulnerable
\nsmtpd_tls_protocols = !SSLv2, !SSLv3
\nsmtp_tls_protocols = !SSLv2, !SSLv3
\n# Insist on stronger ciphers
\nsmtpd_tls_ciphers = high
\nsmtp_tls_ciphers = high
\n# keys
\nsmtp_tls_cert_file = \/etc\/httpd\/ssl\/private\/postfix.crt
\nsmtp_tls_key_file = \/etc\/httpd\/ssl\/private\/postfix.key<\/div>\n<\/div>\n

Next restart postfix server and test it.<\/p>\n

\n
\u00a0[root@Web01 liju]#\/etc\/init.d\/postfix restart<\/div>\n<\/div>\n

Now you should be able to send email over tls encryption.<\/p>\n","protected":false},"excerpt":{"rendered":"

One of the clients complaints me that they are getting warning on the email those sent to Gmail.com domain. They are using 25 smtp port to send email using sql based mail server. So anybody in between the network can tap the email content since it been send through non-encrypted emails. So my plan is …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,36],"tags":[],"class_list":["post-3014","post","type-post","status-publish","format-standard","hentry","category-server","category-36"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/3014","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=3014"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/3014\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=3014"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=3014"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=3014"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}