Jump to content
Froxlor Forum
  • 0

Postfix with dovecot TLS



1 answer to this question

Recommended Posts

  • 0

You indeed need a certificate which validates the domain given in $myhostname - by default it should be the froxlor-systemhostname so you can for example just use the generated certificate from it (if enabled and exists, default in /etc/ssl/froxlor-custom/).

Important: you can follow any tutorial to activate ssl on postfix for this, nothing froxlor specific in these parts of the config

The TLS settings at the end of the postfix/main.cf should look somewhat like that:

### TLS settings
## TLS for outgoing mails from the server to another server
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
## TLS for incoming connections (clients or other mail servers)
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/froxlor-custom/your-hostname_fullchain.cer
smtpd_tls_key_file = /etc/ssl/froxlor-custom/your-hostname.key
#smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5

Also remember to adjust the postfix/master.cf file so it listens to smtps/submission


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...