Using vPostmaster with Self-Signed Certificates

Contributed by Sean Reifschneider, tummy.com, ltd. and Charles Woolridge.

Introduction:

This set of instructions is based loosely on a version written by Charles Woolridge. It creates a self-signed certificate for use with vPostMaster.

Assumptions:

• That you backup ALL files before changing them.
• You are using these instructions at your own risk. Standard disclaimers of responsibilities for any problems. :-)

Instructions:

1. Generating SSL Key:

   Run the following commands:

   cd /etc/postfix/ssl
   openssl genrsa -rand /etc/passwd:/etc/resolv.conf 2048 > smtpd.key
   chmod 400 smtpd.key
   openssl req -new -key smtpd.key > smtpd.csr
   #  Enter the certificate information.
   #  The "common name" is the mail server DNS name.

2. Self-sign the certificate:

   Run the following commands:

   openssl req -days 3650 -x509 -key smtpd.key -in \
         smtpd.csr > smtpd.crt
   cat smtpd.crt smtpd.key >smtpd.pem

3. Configure Postfix to use SSL:

   Edit main.cf (located in /etc/postfix/) adding the following at the bottom of the file.

   smtp_tls_cert_file=/etc/postfix/ssl/smtpd.pem
   smtp_tls_key_file=$smtp_tls_cert_file
   smtp_tls_loglevel=1
   smtp_tls_note_starttls_offer=yes
   smtp_use_tls=yes
   smtpd_tls_cert_file=/etc/postfix/ssl/smtpd.pem
   smtpd_tls_key_file=$smtp_tls_cert_file
   smtpd_use_tls=yes
   smtpd_tls_received_header=yes

4. Edit dovecot.conf (typically located in /etc) adding the following lines:

   ssl_cert_file = /etc/postfix/ssl/smtpd.pem
   ssl_key_file = /etc/postfix/ssl/smtpd.pem

5. Restart postfix and dovecot.