How do I setup TLS on a Postfix relay


  • Service Provider

    So, I do not let any of my systems send email directly to the world. Everything has to filter through a Postfix relay, so I can have only a single point that sends SMTP to the world. It gives me one place to monitor, etc.

    Now that I have SSL enabled on pretty much everything thanks to LetsEncrypt, I want to tackle setting up TLS on my Postfix relay.

    The domain itself is on O365, but the email is going out direct. I am not relaying through O365.


    I will hit the googles later, when I begin to work on this, but I was wondering if anyone has any direct experience with this already.



  • Watching... I've run into this in the past with Postfix


  • Service Provider

    Extremely simple.

    Place this at the end of your /etc/postfix/main.cf

    # Enable opportunistic outbound TLS. The system always tries TLS first.
    smtp_tls_security_level = may
    

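With `smtp_tls_security_level = may`, Postfix delivers in plaintext whenever the remote server does not offer STARTTLS, so it is worth checking which destinations actually negotiated TLS. The following is an added example, not code from the thread: it assumes `smtp_tls_loglevel = 1` is also set so the smtp client logs each handshake, and the log lines, hostnames and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Postfix smtp(8) client log lines (not from the thread).
# The "TLS connection established" lines only appear with smtp_tls_loglevel >= 1.
SAMPLE_LOG = """\
Mar  8 18:20:01 relay postfix/smtp[2101]: Untrusted TLS connection established to mx1.example.net[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Mar  8 18:20:02 relay postfix/smtp[2101]: 4F1A2B3C4D: to=<a@example.net>, relay=mx1.example.net[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 OK)
Mar  8 18:21:10 relay postfix/smtp[2102]: 5A6B7C8D9E: to=<b@example.org>, relay=mail.example.org[198.51.100.7]:25, delay=0.9, dsn=2.0.0, status=sent (250 OK)
Mar  8 18:22:30 relay postfix/smtp[2101]: 6C7D8E9F0A: to=<c@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=0.7, dsn=2.0.0, status=sent (250 OK)
"""

# "<Trusted|Untrusted|Anonymous|...> TLS connection established to host[ip]:port:"
TLS_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: \w+ TLS connection established to (\S+?\]:\d+):")
# "QUEUEID: to=<rcpt>, ... relay=host[ip]:port, ... status=sent"
SENT_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: \w+: to=<[^>]*>.*?relay=([^,\s]+),.*status=sent")

def audit_outbound_tls(log_text):
    """Return {relay: {"tls": n, "plaintext": n}} for successfully sent mail."""
    tls_by_pid = {}  # smtp PID -> relay of that process's most recent handshake
    counts = defaultdict(lambda: {"tls": 0, "plaintext": 0})
    for line in log_text.splitlines():
        m = TLS_RE.search(line)
        if m:
            tls_by_pid[m.group(1)] = m.group(2)
            continue
        m = SENT_RE.search(line)
        if m:
            pid, relay = m.groups()
            # Heuristic: the handshake line carries no queue ID, so a delivery
            # counts as TLS only if the same smtp PID last negotiated TLS with
            # this exact relay. Matching on the PID alone would be wrong.
            kind = "tls" if tls_by_pid.get(pid) == relay else "plaintext"
            counts[relay][kind] += 1
    return dict(counts)

def plaintext_relays(log_text):
    """Relays that accepted at least one message without a TLS handshake."""
    return sorted(r for r, c in audit_outbound_tls(log_text).items()
                  if c["plaintext"])

if __name__ == "__main__":
    for relay, c in sorted(audit_outbound_tls(SAMPLE_LOG).items()):
        print(f"{relay}: tls={c['tls']} plaintext={c['plaintext']}")
```

Run it over the relay's real mail log in place of `SAMPLE_LOG`; relays returned by `plaintext_relays` received mail in the clear.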



  • Did you have to change these settings to point to your Let's Encrypt certificate?

    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    

  • Service Provider

    @NashBrydges said in How do I setup TLS on a Postfix relay:

    Did you have to change these settings to point to your Let's Encrypt certificate?

    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    

    No, because I am not receiving mail. For outbound TLS, you only need to enable it.



  • @JaredBusch Awesome. Tks Jared. Tested and works beautifully!

