This article describes how to configure Postfix and Dovecot to use SSL/TLS to encrypt communication. Before you begin, generate an SSL certificate.

Postfix

Edit main.cf1. Edit the file /etc/postfix/main.cf and add the lines below.
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.acme.local.cert
smtpd_tls_key_file = /etc/pki/tls/private/mail.acme.local.key
tls_random_source = dev:/dev/urandom

Make sure smtpd_tls_cert_file and smtpd_tls_key_file refers to your own certificate and key file respectively.

Service Configuration2. Restart the Postfix or MailScanner service if you have installed it. Learn how to start and stop services here.
Terminal3. Test Postfix using Telnet and check if 250-STARTTLS is present after the ehlo host command.

Dovecot

Edit dovecot.conf1. Edit the file /etc/dovecot.conf and add the lines below.
ssl_cert_file = /etc/pki/tls/certs/mail.acme.local.cert
ssl_key_file = /etc/pki/tls/private/mail.acme.local.key

Make sure ssl_cert_file and ssl_key_file refers to your own certificate and key file respectively.

Service Configuration2. Restart the dovecot service. Learn how to start and stop services here.

Visit the forum to ask for help or to give a comment.

***
Posted on 4/25/2010 and last updated on 4/25/2010
Filed under Dovecot , Postfix , SSL/TLS