How do you properly enable encryption in Postfix?

Discussion in 'HOWTO-Related Questions' started by fbarcenas, Apr 29, 2016.

  1. fbarcenas

    fbarcenas Member

    My certs are properly install I tested them and they are fine.

    I changed:
    smtpd_tls_security_level = may
    smtpd_tls_security_level = encrypt
    and mail was being retunred with:
    <[email protected]>: host[] said: 530
        5.7.0 id=23526-06 - Rejected by next-hop MTA on relaying, from
        MTA(smtp:[]:10027): 530 5.7.0 Must issue a STARTTLS command first
        (in reply to end of DATA command)
    so I added:
    -o smtpd_tls_wrappermode=yes
    Code: inet n - n - - smtpd
    in the

    then my mail began getting stuck in the queue with:
    (host[] said: 451 4.5.0 id=23584-06 - Temporary MTA failure on relaying, From MTA() during fwd-connect (No greeting, dt: 35.034 s): id=23584-06 (in reply to end of DATA command))
                                             [email protected]
    Is there a guide I can follow? I'm starting to run out of ideas.
  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    Seems, that amavis can not verify your cert. Is there any need to encrypt mails sending to localhost?
  3. fbarcenas

    fbarcenas Member

    Probably not. Any recommendation as to what I need to do? Do you know of a guide to help?
  4. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    -o smtpd_tls_security_level = may in the for amavis-connections?
  5. bpn4it

    bpn4it New Member

    Please set below parameter in file and restart/reload your postfix server.

    smtpd_tls_security_level = may
    smtp_tls_security_level = may
    smtpd_tls_key_file = /etc/postfix/certificate/server.key
    smtpd_tls_cert_file = /etc/postfix/certificate/server.pem
    smtpd_tls_CAfile = /etc/postfix/certificate/serverca.pem
    smtpd_tls_loglevel = 1
    smtp_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtp_tls_note_starttls_offer = yes
    smtp_tls_CAfile = $smtpd_tls_CAfile
    tls_random_source = dev:/dev/urandom
    smtpd_tls_session_cache_timeout = 3600s

    Bipin Patel

Share This Page