Email Services: TLS Configuration with Postfix

10 minutes
  • 2 Learning Objectives

About this Hands-on Lab

Securing `postfix` is an important part of managing an email server that is addressable on the Internet these days. One step in doing so is making sure that all connections use TLS. This hands-on lab will allow you to build a certificate chain and configure `postfix` to use that chain to encrypt data.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Generate the SSL Certificate
  1. We need to create the key and CSR (Certificate Signing Request). We’ll also need to work as the root user, so elevating now will save time.
    sudo -i

openssl req -nodes -newkey rsa:2048 -keyout privatekey.key -out mail.csr

This will ask for a bunch of information. Since we’re doing a self-signed certificate, we don’t need to fill all of it out — accept the defaults.

2. Now we need to sign that request using the key we just generated.

openssl x509 -req -days 365 -in mail.csr -signkey privatekey.key -out secure.crt

3. Now we copy the key and certificate over to where postfix can use them. 

cp {privatekey.key,secure.crt} /etc/postfix

Configure Postfix to use TLS
  1. Run:
vim /etc/postfix/
  1. Insert these lines at the end:

    smtpd_use_tls = yes
    smtpd_tls_cert_file = /etc/postfix/secure.crt
    smtpd_tls_key_file = /etc/postfix/privatekey.key
    smtp_tls_security_level = may
  2. Restart postfix:

    systemctl restart postfix
  3. Test the configuration:

    openssl s_client -connect localhost:25 -starttls smtp
  4. Scroll back and look at the certificate information. If it matches what you put in, everything worked correctly!

Additional Resources

You’ve been tasked with setting up TLS on one of your edge postfix servers. Create the key, signing request, and certificate, then configure postfix to use that certificate.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?