
SSL configuration for Postfix SMTP relay server


Sometimes we need to use Postfix as a relay SMTP server. This is needed if you have devices on your network that generate system emails and send them to your mailbox. In most cases these emails end up in the spam folder if you don't have a proper relay server for them. So we need an SMTP hostname such as 'smtp.yourdomain.com', and you configure port 25 for all email relays. This works fine, but email servers like Google Mail accept your email and then show a 'red lock' on your mails with the status 'yourdomain.com did not encrypt this mail'.

You need to use a proper SSL certificate to encrypt your emails and also to avoid these warnings from Google. This encryption might become a standard for all emails in future if Google decides to drop any unencrypted mails, so it's better to configure your email server with SSL certs. You can buy the certificates from any SSL vendor, and you can also use Let's Encrypt certificates for this.

Once you get the certificates from the vendor, create a folder as below and copy the cert files to this location:

/etc/postfix/ssl/

Now open the Postfix conf file:

/etc/postfix/main.cf

Then configure the 'smtp auth' section, which comes below the 'My Networks' options in the conf file. Please note this is just an SMTP relay server; no Dovecot or Courier authentication is required in this setup. If you are using the certs for Dovecot/Courier, the SMTP auth configuration is different and you might need to enable SASL authentication (smtpd_sasl_auth_enable etc.). There are lots of tutorials out there covering those kinds of setups.

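####### smtp auth ########
# smtpd_* settings apply to mail coming in to this relay from your devices
smtpd_tls_auth_only = no
# smtp_* settings apply to mail this relay sends out to other servers;
# newer Postfix releases spell this "smtp_tls_security_level = may"
smtp_use_tls = yes
# "may" offers STARTTLS to clients but still accepts plaintext
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/postfix/ssl/private.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtp_yourdomain_com.crt
smtpd_tls_CAfile = /etc/postfix/ssl/smtp_yourdomain.ca-bundle
# log a summary line for each TLS handshake
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom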

The next file to check is /etc/postfix/master.cf. This is the file where we configure the ports 25, 465 etc. for SMTP relay. So if you are using ports 25 and 465, the two lines below should be uncommented.

smtp      inet  n       -       n       -       -       smtpd
465        inet  n       -       n       -       -       smtpd

It is also recommended to uncomment the option below and set it to 'may'. If it is set to 'encrypt', it will force all emails to be encrypted, and if the receiving mail server is not configured for TLS negotiation, the server will drop the mails.

-o smtpd_tls_security_level=may
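
To see how the main.cf value and a master.cf -o override combine, the following added example (not part of the original article) computes the effective smtpd_tls_security_level for each smtpd listener. The file contents are constructed samples, the 'encrypt' override on port 465 is an assumption chosen to show the case described above, and only the plain "-o name=value" form is handled.

```python
# Constructed samples: the article's settings, plus one -o override on port 465.
MAIN_CF = """\
# smtp auth
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/ssl/smtp_yourdomain_com.crt
"""
MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
465       inet  n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
pickup    unix  n       -       n       60      1       pickup
"""
PARAM = "smtpd_tls_security_level"

def logical_lines(text):
    """Join indented continuation lines onto the line they extend; drop comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def smtpd_tls_levels(main_cf, master_cf):
    """Return {service: effective smtpd_tls_security_level} for smtpd services."""
    base = ""                      # Postfix default: empty, STARTTLS not offered
    for line in logical_lines(main_cf):
        name, _, value = line.partition("=")
        if name.strip() == PARAM:
            base = value.strip()
    levels = {}
    for line in logical_lines(master_cf):
        f = line.split()
        if len(f) < 8 or f[7] != "smtpd":
            continue               # not an smtpd listener
        levels[f[0]] = base
        # "-o name=value" after the command overrides main.cf for this service
        for flag, arg in zip(f[8:], f[9:]):
            if flag == "-o" and arg.startswith(PARAM + "="):
                levels[f[0]] = arg.split("=", 1)[1]
    return levels

def refuses_plaintext(levels):
    """Services where a client that cannot do STARTTLS is turned away."""
    return sorted(s for s, lvl in levels.items() if lvl == "encrypt")
```
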

Any change to main.cf or master.cf requires a Postfix restart:

postfix reload
service postfix restart

If everything is fine, you will start seeing 'standard encryption' on your emails in Google.

By default, the Postfix logs are in /var/log/maillog, and you might need them for troubleshooting.
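
With smtpd_tls_loglevel = 1, smtpd writes one line for each completed TLS handshake, so the maillog shows which devices still hand mail to the relay in plaintext while the level is 'may'. The following added example (not from the original article) counts sessions per client address; the log lines, hostnames and addresses are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format smtpd logs with smtpd_tls_loglevel = 1.
SAMPLE_MAILLOG = """\
Jan 10 10:00:01 relay postfix/smtpd[2101]: connect from nas.example[192.0.2.10]
Jan 10 10:00:01 relay postfix/smtpd[2101]: Anonymous TLS connection established from nas.example[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 10:00:02 relay postfix/smtpd[2101]: disconnect from nas.example[192.0.2.10]
Jan 10 10:05:11 relay postfix/smtpd[2107]: connect from unknown[192.0.2.20]
Jan 10 10:05:12 relay postfix/smtpd[2107]: disconnect from unknown[192.0.2.20]
Jan 10 10:06:30 relay postfix/smtpd[2101]: connect from nas.example[192.0.2.10]
Jan 10 10:06:30 relay postfix/smtpd[2101]: Anonymous TLS connection established from nas.example[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 10:06:31 relay postfix/smtpd[2101]: disconnect from nas.example[192.0.2.10]
Jan 10 10:07:00 relay postfix/cleanup[2110]: 4F2A1C0D: message-id=<constructed@relay.example>
"""

EVENT = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: "
    r"(?P<what>connect from|disconnect from|\w+ TLS connection established from) "
    r"\S*\[(?P<ip>[^\]]+)\]")

def tls_usage(log_text):
    """Return {client_ip: {"tls": n, "plain": n}} counted per SMTP session."""
    counts = defaultdict(lambda: {"tls": 0, "plain": 0})
    open_sessions = {}      # smtpd pid -> [client ip, saw TLS handshake]
    def close(pid):
        ip, encrypted = open_sessions.pop(pid)
        counts[ip]["tls" if encrypted else "plain"] += 1
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        pid, what = m["pid"], m["what"]
        if what == "connect from":
            if pid in open_sessions:    # disconnect line missing (rotated log)
                close(pid)
            open_sessions[pid] = [m["ip"], False]
        elif pid in open_sessions:
            if what == "disconnect from":
                close(pid)
            else:
                open_sessions[pid][1] = True
    for pid in list(open_sessions):     # sessions still open at end of file
        close(pid)
    return dict(counts)

def plaintext_clients(usage):
    """Clients that completed at least one session without STARTTLS."""
    return sorted(ip for ip, c in usage.items() if c["plain"])
```

Any address returned by plaintext_clients is a device that would stop relaying mail if the listener were switched to 'encrypt'.
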
