  #1  
Old 9th March 2006, 17:31
hotchilli hotchilli is offline
Default postfix---tls

Is there a howto for adding TLS to postfix?

hc
  #2  
Old 9th March 2006, 19:20
falko falko is offline
Default

Which distribution do you use?
__________________
Falko
  #3  
Old 10th March 2006, 11:46
hotchilli hotchilli is offline
Default is there a HOWTO to add TLS to postfix

Ubuntu Breezy Badger 5-10
  #4  
Old 10th March 2006, 12:25
falko falko is offline
Default

Have a look here: http://www.howtoforge.com/perfect_setup_ubuntu_5.10_p4
__________________
Falko
  #5  
Old 10th March 2006, 15:16
hotchilli hotchilli is offline
Default tls howto add to postfix

Many thanks for your post.

If I only need TLS and not SMTP-AUTH, would it be OK to just install postfix-tls?
Which other packages would I need, and from which line should I follow the howto, please?

hotchilli
  #6  
Old 10th March 2006, 15:27
falko falko is offline
Default

I haven't tried without SMTP-AUTH yet. I think you should use SMTP-AUTH, or you will have an open relay for spammers...
__________________
Falko
  #7  
Old 10th March 2006, 16:41
hotchilli hotchilli is offline
Default postfix/TLS

Here is what my main.cf looks like now:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
inet_interfaces = all
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/man
mydestination = $myhostname, localhost.$mydomain, $mydomain
myhostname = xstation.abcd.net
mynetworks = 192.168.1.0/24, 127.0.0.0/8
mynetworks_style = host
myorigin = /etc/mailname
newaliases_path = /usr/bin/newaliases
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
unknown_local_recipient_reject_code = 550



What I want the TLS configuration to look like is something like this:

# TLS configuration
smtpd_use_tls = yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/tls/xstation_mail_req.pem
smtpd_tls_cert_file = /etc/postfix/tls/xstation_mail_cert.pem
smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
  #8  
Old 10th March 2006, 18:44
falko falko is offline
Default

It's all described on the page I posted:

Code:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = server1.example.com'
__________________
Falko
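A pre-flight check for the key and certificate that the commands in post #8 produce, added here as an example and not part of any post in the thread. The function name, return codes and the 2048-bit default minimum are assumptions of this example, and it handles RSA keys only.

```shell
#!/bin/sh
# Added example, not from the thread: checks the files that
# smtpd_tls_key_file and smtpd_tls_cert_file point at. RSA keys only.
# The 2048-bit default minimum is an assumption of this example.

# check_tls_pair KEY CERT [MIN_BITS]; returns 0 when the pair is usable.
check_tls_pair() {
    key=$1; cert=$2; min_bits=${3:-2048}

    # Postfix loads the key unattended, so it must parse without a passphrase.
    # A CSR given here by mistake fails the same way.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null </dev/null) || {
        echo "FAIL: $key is not an unencrypted private key"; return 1; }

    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: $cert is not a PEM certificate"; return 2; }

    # The certificate must carry the public half of this exact key.
    [ "$key_pub" = "$cert_pub" ] || {
        echo "FAIL: $cert was not issued for $key"; return 3; }

    bits=$(openssl pkey -in "$key" -passin pass: -noout -text 2>/dev/null |
           sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p')
    [ "${bits:-0}" -ge "$min_bits" ] || {
        echo "FAIL: ${bits:-unknown}-bit key, want at least $min_bits"; return 4; }

    # Group/other permission bits are characters 5-10 of the ls mode string.
    [ "$(ls -lLd "$key" | cut -c5-10)" = "------" ] || {
        echo "FAIL: $key is accessible to group or other (chmod 600)"; return 5; }

    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "FAIL: $cert has expired"; return 6; }

    echo "OK: $bits-bit key matches $cert"
}

# Stand-alone use:
#   sh check_tls_pair.sh /etc/postfix/ssl/smtpd.key /etc/postfix/ssl/smtpd.crt
if [ "$#" -ge 2 ]; then check_tls_pair "$@"; fi
```

A key made with the `openssl genrsa ... 1024` line from post #8 returns 4 under the default minimum; pass `1024` as the third argument to accept it.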
  #9  
Old 10th March 2006, 20:37
hotchilli hotchilli is offline
Default Postfix /tls

Thanks for your reply.

Now that I have already installed postfix and want to go ahead with
your howto, what should I do: uninstall postfix or just install the missing packages?

hc
  #10  
Old 10th March 2006, 20:47
hotchilli hotchilli is offline
Default Postfix /tls

If I want to specify the cipher DHE-RSA-AES256-SHA,
what would the command line look like?
Thanks

HC