STARTTLS
incoming mail on tcp port 25
Create a new self-signed certificate
# Generates a new 4096-bit RSA key and a self-signed X.509 certificate valid for 1825 days (about five years).
# -nodes writes the private key unencrypted, which Postfix needs in order to load it without a passphrase;
# keep the .key file readable by root only.
# Both files are written to the current directory, while main.cf below reads them from /certs/ - move them there.
# A self-signed certificate encrypts the session but does not authenticate this server to senders that verify certificates.
openssl req -new -x509 -nodes -out mail.example.com.crt -keyout mail.example.com.key -days 1825 -newkey rsa:4096
Configure smtpd
postfix-2.6.6-6.el6_5.x86_64
vim /etc/postfix/main.cf
# ebal, Tue, 14 Oct 2014 20:43:12 +0300
# TLS support on 25 - incoming
# Offer STARTTLS to clients without requiring it (opportunistic TLS).
# smtpd_use_tls is the legacy spelling of smtpd_tls_security_level = may.
smtpd_use_tls = yes
# Time limit for the TLS handshake after a client issues STARTTLS.
smtpd_starttls_timeout = 30s
# Certificate and private key in PEM format. The key is stored unencrypted,
# so restrict the file to root (for example mode 0600).
smtpd_tls_cert_file = /certs/mail.example.com.crt
smtpd_tls_key_file = /certs/mail.example.com.key
# Cipher grade for opportunistic TLS; smtpd_tls_mandatory_ciphers is the
# counterpart when TLS is enforced. A client with no cipher in common fails the
# handshake and will usually retry in plaintext, so log TLS activity
# (smtpd_tls_loglevel = 1) and watch for handshake failures.
smtpd_tls_ciphers = high
# Exclude anonymous (unauthenticated) and MD5-based cipher suites.
smtpd_tls_exclude_ciphers = aNULL, MD5
# Refuse SSLv2 and SSLv3 for opportunistic TLS; smtpd_tls_mandatory_protocols is
# the counterpart when TLS is enforced. Every TLS version the linked OpenSSL
# supports stays enabled - review this list against current guidance.
smtpd_tls_protocols = !SSLv2, !SSLv3
restart postfix
# Full stop/start so smtpd picks up the new TLS settings. Running `postfix check` first catches
# configuration errors before the service is taken down, and `postconf -n | grep smtpd_tls`
# afterwards confirms which TLS values are in effect.
postfix stop
postfix start
Firewall
# iptables -nL | grep 25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
Testing
https://starttls.info/