Your Linux Data Center Experts

Using vPostmaster with Self-Signed Certificates

Contributed by Sean Reifschneider, tummy.com, ltd. and Charles Woolridge.

Introduction:

This set of instructions is based loosely on a version written by Charles Woolridge. It creates a self-signed certificate for use with vPostMaster.

Assumptions:

Instructions:

  1. Generating SSL Key:

    Run the following commands:

    cd /etc/postfix/ssl
    openssl genrsa -rand /etc/passwd:/etc/resolv.conf 2048 > smtpd.key
    chmod 400 smtpd.key
    openssl req -new -key smtpd.key > smtpd.csr
    #  Enter the certificate information.
    #  The "common name" is the mail server DNS name.
  2. Self-sign the certificate:

    Run the following commands:

    openssl req -days 3650 -x509 -key smtpd.key -in \
          smtpd.csr > smtpd.crt
    cat smtpd.crt smtpd.key >smtpd.pem
  3. Configure Postfix to use SSL:

    Edit main.cf (located in /etc/postfix/) adding the following at the bottom of the file.

    smtp_tls_cert_file=/etc/postfix/ssl/smtpd.pem
    smtp_tls_key_file=$smtp_tls_cert_file
    smtp_tls_loglevel=1
    smtp_tls_note_starttls_offer=yes
    smtp_use_tls=yes
    smtpd_tls_cert_file=/etc/postfix/ssl/smtpd.pem
    smtpd_tls_key_file=$smtp_tls_cert_file
    smtpd_use_tls=yes
    smtpd_tls_received_header=yes
  4. Edit dovecot.conf (typically located in /etc) adding the following lines:

    ssl_cert_file = /etc/postfix/ssl/smtpd.pem
    ssl_key_file = /etc/postfix/ssl/smtpd.pem
  5. Restart postfix and dovecot.