Implementing authentication for mail relaying is an important step in securing your mail server. But as you learned in the previous recipe, the user's name and password are sent in clear text. Base64-encoding encodes binary data using only ASCII characters, which allows for non-ASCII characters in a user's password for example, but encoding isn't encryption. If traffic between the user's mail client and the server happens over an untrusted network, a malicious user can easily capture the credentials and masquerade as the user. This recipe further secures Postfix by configuring Transport Layer Security (TLS) encryption to protect the communication from eavesdropping.
This recipe requires a CentOS system with Postfix configured as described in previous recipes. Administrative privileges are also required, either by logging in with the root
account or through the use of sudo
.