We already noted that SMTP AUTH using plaintext mechanisms isn't really safe because the string that is sent during authentication is merely encoded and not encrypted. This is where Transport Layer Security (TLS) comes in handy because it can shield the transmission of the encoded string from curious eyes.
To enable TLS you must generate a key pair and a certificate, and then alter the Postfix configuration to recognize them.
To generate an SSL certificate, and to use SSL, you need to have the OpenSSL package installed. It is already installed in many cases; otherwise, use your distribution's package manager to install it.
To create a certificate, issue the following commands (as root):
This will create the key and the certificate in /etc/postfix/certs, called smtpd.key and smtpd.crt. Add the smtpd_use_tls parameter to main.cf and set it to yes:
smtpd_use_tls = yes
Then you will need to tell smtpd where it can find the key and the certificate...
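
The following is an added example, not the original commands from this page: one way to produce smtpd.key and smtpd.crt with OpenSSL and then check that main.cf enables TLS and points at a private key only its owner can read. The hostname mail.example.com, the RSA 2048 key size, the 365-day lifetime and the function names are assumptions; smtpd_tls_key_file and smtpd_tls_cert_file are the Postfix parameters that name the two files.

```shell
#!/bin/sh
# Added example; hostname, key size and lifetime are assumed values.

# Create smtpd.key and a self-signed smtpd.crt in the directory the text names.
# The key is left unencrypted (-nodes) because smtpd must read it unattended.
gen_smtpd_cert() {
    dir=${1:-/etc/postfix/certs}
    cn=${2:-mail.example.com}          # hypothetical hostname
    mkdir -p "$dir" || return 1
    # umask 077 so the private key is never group/world-readable, even briefly.
    ( umask 077
      openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
          -subj "/CN=$cn" \
          -keyout "$dir/smtpd.key" -out "$dir/smtpd.crt" ) 2>/dev/null || return 1
    chmod 600 "$dir/smtpd.key" && chmod 644 "$dir/smtpd.crt"
}

# Last value assigned to a parameter in main.cf. Simplified: continuation
# lines are ignored; on a real host `postconf -h <param>` is authoritative.
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Return 0 only if TLS is enabled, both files exist, and the key is owner-only.
check_smtpd_tls() {
    cf=$1
    [ "$(cf_get "$cf" smtpd_use_tls)" = "yes" ] || { echo "smtpd_use_tls is not yes"; return 1; }
    key=$(cf_get "$cf" smtpd_tls_key_file)
    crt=$(cf_get "$cf" smtpd_tls_cert_file)
    [ -s "$key" ] || { echo "key file missing: $key"; return 1; }
    [ -s "$crt" ] || { echo "cert file missing: $crt"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || { echo "key readable by group/other"; return 1; }
    return 0
}
```

Run gen_smtpd_cert as root with no arguments to write into /etc/postfix/certs, then check_smtpd_tls /etc/postfix/main.cf after editing the configuration. On Postfix 2.3 and later, smtpd_tls_security_level = may is the preferred way to express smtpd_use_tls = yes.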