2009/8/14 Ebbe Hjorth <ebbe.hjo...@gmail.com>: > No more hints? :-(
Do you still have a problem? You said, "Ahh, now we are talkin", which sounds like you were successful. Patrick's docs (http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html) are great, but I think they're a little misleading in this case. You don't need to create a full CA, you (probably) just want a self-signed certificate. Do you need a CA-signed certificate? No: most of the time, so just use a self-signed certificate Yes: if SMTP clients *require* encryption, *and* will perform verification of the server's certificate for trust. Note that this applies to controlled conditions, like an enterprise; SMTP clients from the internet should not care about verification. Want to use a self-signed certificate? 1. Make the key: touch smtpd.key chmod 600 smtpd.key openssl genrsa 1024 > smtpd.key 2. Make the cert, answering the questions when asked: openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt 3. Add them to your postfix config as appropriate smtpd_tls_key_file = /etc/postfix/smtpd.pem smtpd_tls_cert_file = /etc/postfix/smtpd.crt