User Tools

Site Tools


postfix_tls_auth_start

TLS Auth Stuff

I enabled all this in /etc/postfix/master.cf

  1. o smtpd_tls_security_level=encrypt
  2. o smtpd_enforce_tls=yes
  3. o smtpd_sasl_auth_enable=yes
  4. o smtpd_relay_restrictions=permit_sasl_authenticated,reject

This is the start of TLS auth and using Cyrus SASL authentication

More stuff

nano /etc/postfix/main.cf

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_recipient_restrictions =

 permit_sasl_authenticated,
 permit_mynetworks,
 check_relay_domains

smtpd_tls_security_level = encrypt smtpd_tls_auth_only = yes

Fuck me, this was annoying

   cat /etc/ssl/certs/postfix.pem 1_Intermediate.crt root.crt > /etc/ssl/certs/postfix2.pem

The first one is the cert given to me from startssl (this must go first), then the intermediate and root certs

   smtpd_tls_cert_file=/etc/ssl/certs/postfix2.pem
   smtpd_tls_key_file=/etc/ssl/private/postfix.pem

The second line here is the private key that I made.

   smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt

Don't know if I needed this since its in the postfix2.pem

postfix_tls_auth_start.txt · Last modified: 2017/03/22 23:19 (external edit)