SSL Settings
2016/12/12 |
Configure SSL to encrypt connections.
[1] | |
[2] | Configure Postfix and Dovecot. |
[root@mail ~]# vi /etc/postfix/main.cf
# add to the end
smtpd_use_tls = yes
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache

[root@mail ~]# vi /etc/postfix/master.cf
# line 28-30: uncomment
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes

[root@mail ~]# vi /etc/dovecot/conf.d/10-ssl.conf
# line 8: change
ssl = yes
# line 14,15: specify certificates
ssl_cert = < /etc/pki/tls/certs/server.crt
ssl_key = < /etc/pki/tls/certs/server.key
# line 51: uncomment and add
ssl_protocols = !SSLv2 !SSLv3

[root@mail ~]# systemctl restart postfix dovecot
|
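A check for the settings from step [2], added here as an example and not part of the original page: the shell functions below read a main.cf and a 10-ssl.conf and report when TLS is not enabled, SSLv2/SSLv3 are not excluded, or the certificate and key are unset. The function names and the sample files are constructed for illustration; the parser assumes single-line "name = value" settings and uses the last occurrence of each.

```shell
# conf_get FILE KEY: value of the last uncommented "KEY = value" line in FILE.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# excludes_old_ssl VALUE: succeeds only if VALUE contains !SSLv2 and !SSLv3.
excludes_old_ssl() {
    case "$1" in *'!SSLv2'*) ;; *) return 1 ;; esac
    case "$1" in *'!SSLv3'*) ;; *) return 1 ;; esac
}

flag() { echo "FINDING: $1"; findings=$((findings + 1)); }
# audit_mail_tls MAIN_CF DOVECOT_SSL_CONF: prints findings, returns their count.
audit_mail_tls() {
    findings=0
    [ "$(conf_get "$1" smtpd_use_tls)" = yes ] || flag "postfix: smtpd_use_tls is not yes"
    for key in smtp_tls_mandatory_protocols smtpd_tls_mandatory_protocols; do
        excludes_old_ssl "$(conf_get "$1" "$key")" ||
            flag "postfix: $key does not exclude SSLv2 and SSLv3"
    done
    for key in smtpd_tls_cert_file smtpd_tls_key_file; do
        [ -n "$(conf_get "$1" "$key")" ] || flag "postfix: $key is not set"
    done
    [ "$(conf_get "$2" ssl)" = yes ] || flag "dovecot: ssl is not yes"
    excludes_old_ssl "$(conf_get "$2" ssl_protocols)" ||
        flag "dovecot: ssl_protocols does not exclude SSLv2 and SSLv3"
    for key in ssl_cert ssl_key; do
        [ -n "$(conf_get "$2" "$key")" ] || flag "dovecot: $key is not set"
    done
    return "$findings"
}

# Constructed sample: smtpd side still allows SSLv3; Dovecot line 51 left commented.
demo=$(mktemp -d)
cat > "$demo/main.cf" <<'EOF'
smtpd_use_tls = yes
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
EOF
cat > "$demo/10-ssl.conf" <<'EOF'
ssl = yes
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/certs/server.key
#ssl_protocols = !SSLv2
EOF
audit_mail_tls "$demo/main.cf" "$demo/10-ssl.conf" || echo "$? finding(s)"
```

On the real server, pass /etc/postfix/main.cf and /etc/dovecot/conf.d/10-ssl.conf as the two arguments; a return status of 0 means every checked setting matches step [2].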
[3] | If Firewalld is running, allow SMTPS/POP3S/IMAPS services. SMTPS uses 465/TCP, POP3S uses 995/TCP, IMAPS uses 993/TCP. |
[root@mail ~]# firewall-cmd --add-service={smtps,pop3s,imaps} --permanent
success
[root@mail ~]# firewall-cmd --reload
success
|
[4] | For the email client's settings (Windows Live Mail in this example), open the properties of an account and change the settings as in the following example. (If you use POP3S, enter '995' for incoming mail.) |
[5] | Click the sync button in Windows Live Mail. The following warning is shown because the certificate was created on your own server. It's no problem. Click 'Yes' to proceed, and it is then possible to send and receive emails through the SSL connection. |