Postfix-TLS/Cyrus-SSL Configuration
This page shows you how to configure Postfix with TLS support to use a certificate. This example was used on a Debian system, but should be similar for most other systems.
Generate Local Server-side Certificate
You will need to generate a certificate request, e.g.:
    cd /etc/ssl/private
    openssl req -nodes -new -keyout server.key -out server.csr
and supply the values at the prompts.
Generate CACert Certificate
Paste the contents of the server.csr file into the CAcert website; you will need to have verified your domains beforehand, etc. Then, when you are shown or sent your certificate, open /etc/ssl/certs/server.crt and paste the certificate into that file.
Update Postfix configuration files
For split-file configuration, edit the file /etc/postfix/main.cf and uncomment or add the following to the bottom:
    ### Transport Layer Security ###
    # Server side TLS
    smtpd_use_tls = yes
    smtpd_tls_key_file = /etc/ssl/private/server.key
    smtpd_tls_cert_file = /etc/ssl/certs/server.crt
    smtpd_tls_CAfile = /etc/ssl/certs/cacert.crt
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    # Client side TLS
    smtp_use_tls = yes
    smtp_tls_key_file = /etc/ssl/private/server.key
    smtp_tls_cert_file = /etc/ssl/certs/server.crt
    smtp_tls_CAfile = /etc/ssl/certs/cacert.crt
    # Misc TLS
    tls_random_source = dev:/dev/urandom
In /etc/imapd.conf:
    tls_cert_file: /etc/ssl/certs/server.crt
    tls_key_file: /etc/ssl/private/server.key
Then activate the changes with:
    /etc/init.d/postfix restart
    /etc/init.d/cyrus restart
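The -nodes option used above writes the private key unencrypted, and that one key file is named in both main.cf and imapd.conf, so file permissions are its only protection. The shell functions below are an added example, not part of the original page: they list the key paths named in such files and flag any key that users outside the owner and group can access. The function names are hypothetical, and the choice not to flag group access assumes a non-root daemon (Cyrus) reads the key through a dedicated group.

```shell
#!/bin/sh
# Added example (not from the original page): find the private-key paths named
# in Postfix (main.cf) and Cyrus (imapd.conf) style files and check their modes.

# Print the value of every key-file setting in the given config files.
# Postfix writes "name = value", Cyrus writes "name: value"; "#" starts a comment.
key_paths() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*(smtpd_tls_key_file|smtp_tls_key_file|tls_key_file)[ \t]*[=:]/ {
            sub(/^[^=:]*[=:][ \t]*/, "")   # drop "name =" or "name:"
            sub(/[ \t]+$/, "")             # drop trailing blanks
            if ($0 != "") print
        }' "$@" | sort -u
}

# Return 0 if the file exists and grants nothing to "other" users, 2 if it is
# missing, 1 otherwise. Group bits are not flagged (assumption: a non-root
# daemon such as Cyrus reads the key through a dedicated group).
key_is_private() {
    [ -f "$1" ] || return 2
    mode=$(ls -ldL "$1" | cut -c8-10)      # the "other" permission triplet
    [ "$mode" = "---" ]
}

# Check every key named in the config files; exit status = number of problems.
audit_tls_keys() {
    bad=0
    keys=$(key_paths "$@")
    while IFS= read -r key; do
        [ -n "$key" ] || continue
        if key_is_private "$key"; then
            echo "ok:      $key"
        else
            echo "problem: $key is missing or accessible to other users"
            bad=$((bad + 1))
        fi
    done <<EOF
$keys
EOF
    return "$bad"
}
```

Source the functions and run audit_tls_keys /etc/postfix/main.cf /etc/imapd.conf as root; a non-zero exit status is the number of keys that need attention.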
Reference
The following help information was taken from the CAcert website and the UK Indymedia doc site:
http://www.CAcert.org/help.php
http://docs.indymedia.org/view/Sysadmin/CaCertSsl
Alternatively you can find more information here:
Postfix SSL Configuration: http://www.projektfarm.com/en/support/howto/postfix_smtp_auth_tls.html
There is a document here on building and installing a Postfix RPM on Fedora and setting up a CAcert certificate: http://wiki.slugbug.org.uk/Postfix_TLS