[GRLUG] Postfix server setup

Godwin godwin at grandrapids-lug.org
Thu May 8 23:30:22 EDT 2014


BTW, after restarting Postfix, test with... (I omitted stuff and put dots).
 You'll notice the STARTTLS message. You type the stuff in RED (the "ehlo"
is not misspelled).

you@yourmailsrvr:/etc/postfix/ssl$ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.herenotthere.com ESMTP
ehlo yourdomain.com
.
.
.
*250-STARTTLS*
.
.
.
quit
221 2.0.0 Bye
Connection closed by foreign host.
you@yourmailsrvr:/etc/postfix/ssl$



On Thu, May 8, 2014 at 11:22 PM, Godwin <godwin at grandrapids-lug.org> wrote:

> Hi Patrick,
>
> Yes, Godaddy's certificate will work on Apache, Postfix, Cyrus IMAP (or
> anything else that requires a cert - I suspect).  This site has quick
> reference to common OpenSSL command like generating a key, csr, cert, etc.
>
> http://www.sslshopper.com/article-most-common-openssl-commands.html
>
> To add your cert to Postfix, you'll need the key you generated (prior to
> the CSR you generated), and both the domain cert and CA cert you got from
> Godaddy.  Here's how to use them in Postfix's "main.cf"
> file:
>
> smtp_use_tls = yes
> smtp_tls_note_starttls_offer = yes
> # The two lines above allow us to ask for TLS on connecting to other
> # servers.
> smtpd_use_tls = yes
> smtpd_tls_auth_only = no
> # Use this to force TLS (problem is, then non-TLS sessions will be rejected)
> #smtpd_tls_security_level = encrypt
> smtpd_tls_cert_file = /etc/postfix/ssl/yourdomain.com-cert.crt
> smtpd_tls_key_file = /etc/postfix/ssl/yourdomain.com.key
> smtpd_tls_CAfile = /etc/postfix/ssl/gd_bundle-g2-g1.crt
> smtpd_tls_loglevel = 3
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
> # information on enabling SSL in the smtp client.
>
> Others can scrutinize this, but that's the gist of it.
>
> cheers,
> Godwin
>
>
>
>
> On Thu, May 8, 2014 at 2:16 PM, Patrick Goupell <patrick at upmerchants.com> wrote:
>
>>
>> On 05/08/2014 01:41 PM, Dave Chiodo wrote:
>>
>>> Did you generate a CSR on your server and submit it to godaddy?
>>>
>>> An SSL cert is basically a public key that's been signed by the cert
>>> authority - you should still have the "private" key somewhere (that you
>>> keep secure and accessible only by your server)
>>>
>>> I couldn't tell you anything about postfix directly (never used it, I'm
>>> an exim user), but you can always use openssl to handle it. It will accept
>>> the "SSL" connection from a client, and then relay it locally to the
>>> non-SSL service.
>>>
>>>
>>>
>> Yes, I sent the CSR to godaddy.com.  I got back the 2 files as I said.
>>
>>
>> --
>> Patrick Goupell
>>
>> Are you free?  Find out at http://www.sedm.org/
>> Income taxes?  Find out at http://www.whatistaxed.com
>>
>>
>
>
>
> --
>
> Ubber::Geek
> http://grlug.org/
>



-- 

Ubber::Geek
http://grlug.org/
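
A check to run over the settings quoted above before restarting Postfix, as an added example that is not part of the thread or of Postfix itself. The function names and the sample input are constructed here. It parses main.cf syntax (comments, continuation lines, last definition wins) and reports how the smtpd TLS settings will behave.

```sh
# Added example, not from the thread. Audits smtpd TLS settings in main.cf
# syntax read from a file argument or stdin; prints one finding per line.
audit_main_cf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # comment or blank line
    /^[ \t]/ {                            # leading whitespace continues a value
        if (last != "") v[last] = v[last] " " $0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) {                    # logical line that is not name = value
            printf "SYNTAX line %d: no \"=\" in: %s\n", NR, $0
            last = ""; next
        }
        name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
        v[name] = val; last = name        # a later definition replaces an earlier one
    }
    END {
        level = v["smtpd_tls_security_level"]
        if (level == "" && v["smtpd_use_tls"] == "yes") level = "may"
        if (level == "encrypt") print "INFO smtpd requires TLS"
        else if (level == "may") print "INFO smtpd TLS is opportunistic, plaintext is still accepted"
        else print "WARN smtpd does not offer STARTTLS"
        if (level == "may" && v["smtpd_tls_auth_only"] != "yes")
            print "WARN smtpd_tls_auth_only is not yes: SASL AUTH, if enabled, is accepted without TLS"
        if (v["smtpd_tls_loglevel"] + 0 >= 2)
            print "WARN smtpd_tls_loglevel=" v["smtpd_tls_loglevel"] " is a debugging level, lower it to 1 after testing"
        if (level != "" && level != "none" && v["smtpd_tls_cert_file"] == "")
            print "WARN TLS is enabled but smtpd_tls_cert_file is not set"
    }' "$@"
}

# Constructed sample: a subset of the quoted settings, with one comment
# wrapped onto an uncommented line.
sample_main_cf() {
    cat <<'EOF'
smtpd_use_tls = yes
# The two lines above allows us to ask for TLS on connecting to other
servers.
smtpd_tls_auth_only = no
#smtpd_tls_security_level = encrypt
smtpd_tls_cert_file = /etc/postfix/ssl/yourdomain.com-cert.crt
smtpd_tls_loglevel = 3
EOF
}

sample_main_cf | audit_main_cf
```

Against a real server, run it as `audit_main_cf /etc/postfix/main.cf`.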