Subject: I have successfully configured SSL/TLS for Postfix SMTP outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed
Good day from Singapore,

I have successfully configured SSL/TLS for Postfix SMTP outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed. It took me 7-8 hours to solve this problem. I think my boss can probably solve this problem in 10 minutes.

I have prepared this extremely short and concise guide to remind myself and everyone how to configure SSL/TLS for Postfix SMTP outgoing Linux mail server.

Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date: 25 August 2021 Wed Singapore Time
Type of Publication: Plain Text
Document version: 20210825.01

===BEGINNING OF GUIDE===

Add the following lines to /etc/postfix/main.cf:

smtpd_tls_cert_file = /etc/postfix/teo-en-ming-corp.crt
smtpd_tls_key_file = /etc/postfix/teo-en-ming-corp.key
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache

Add the following lines to /etc/postfix/master.cf:

submission inet n - n - - smtpd
smtps inet n - n - - smtpd

Restart Postfix for changes to take effect.

# service postfix restart

Submission port is 587.
SMTPS port is 465.
Normal SMTP port is 25.

Add the following firewall rules to /etc/sysconfig/iptables. This is to open ports for services/daemons listening on TCP ports 25, 465, and 587.

-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT

Reload firewall rules.

# service iptables restart

Linux troubleshooting commands:

# openssl s_client -connect mail.teo-en-ming-corp.com:25 -servername mail.teo-en-ming-corp.com -starttls smtp
# openssl s_client -connect mail.teo-en-ming-corp.com:465 -servername mail.teo-en-ming-corp.com -starttls smtp
# openssl s_client -connect mail.teo-en-ming-corp.com:587 -servername mail.teo-en-ming-corp.com -starttls smtp
# openssl s_client -connect example.com:[port] -servername example.com
# telnet mail.teo-en-ming-corp.com 25
# telnet mail.teo-en-ming-corp.com 465
# telnet mail.teo-en-ming-corp.com 587

===END OF GUIDE===

You will be able to see STARTTLS in the SMTP banner for Postfix for TCP ports 25, 465 and 587 if you do a Telnet to your mail server.

If there are corrections and/or additions to this guide, I will post back here.

Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 25 August 2021, is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant with a System Integrator (SI)/computer firm in Singapore. He is an IT enthusiast.
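
An added example, not part of the original guide: a shell check of the TLS parameters the guide puts in /etc/postfix/main.cf. The function names cf_get and audit_postfix_tls are made up for this example; it confirms the certificate and key files are set and readable, that the private key is not accessible to group or others, and reports that security level "may" is opportunistic TLS, so plaintext sessions are still accepted.

```sh
#!/bin/sh
# Added example (not from the original guide): audit the main.cf TLS settings.
# cf_get and audit_postfix_tls are names made up for this example.

# Print the effective value of a main.cf parameter. Postfix uses the last
# definition when a parameter appears more than once, so take the last match.
cf_get() {  # $1 = main.cf path, $2 = parameter name
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Print findings; return 0 if there is no FAIL line, 1 otherwise.
audit_postfix_tls() {  # $1 = main.cf path
    cf=$1
    rc=0
    cert=$(cf_get "$cf" smtpd_tls_cert_file)
    key=$(cf_get "$cf" smtpd_tls_key_file)
    for f in "$cert" "$key"; do
        if [ -z "$f" ] || [ ! -r "$f" ]; then
            echo "FAIL: certificate or key unset or unreadable: '$f'"
            rc=1
        fi
    done
    # Characters 5-10 of the ls -l mode string are the group and other bits.
    if [ -f "$key" ] && [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or others (chmod 600)"
        rc=1
    fi
    for p in smtpd_tls_security_level smtp_tls_security_level; do
        lvl=$(cf_get "$cf" "$p")
        case $lvl in
            may)     echo "NOTE: $p = may: opportunistic, plaintext still allowed" ;;
            encrypt) echo "OK:   $p = encrypt: TLS is mandatory" ;;
            ''|none) echo "FAIL: $p is unset or none"; rc=1 ;;
            *)       echo "INFO: $p = $lvl (see postconf(5))" ;;
        esac
    done
    return "$rc"
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_postfix_tls "$1"
fi
```

Run it as root with /etc/postfix/main.cf as the argument, since the key file should be readable by root only.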