TLS on submission
Outgoing mail on TCP port 587
Create a new self-signed certificate
openssl req -new -x509 -nodes -out smtp.example.com.crt -keyout smtp.example.com.key -days 1825 -newkey rsa:4096
Configure submission daemon
vim /etc/postfix/master.cf
submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_starttls_timeout=30s
  -o smtpd_tls_cert_file=/certs/smtp.example.com.crt
  -o smtpd_tls_key_file=/certs/smtp.example.com.key
postfix stop
postfix start
simply testing
[~]# telnet smtp.example.com 587
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 smtp.example.com ESMTP Postfix
ehlo smtp.example.com
250-smtp.example.com
250-PIPELINING
250-SIZE 35651584
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
^]
telnet> clo
Connection closed.
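The telnet session shows STARTTLS being advertised; because smtpd_enforce_tls=yes also implies smtpd_tls_auth_only=yes, the plaintext EHLO should additionally carry no AUTH line. The following added example (not part of the original notes) checks both on a saved transcript and, through the hypothetical helper probe(), on a live server with trust pinned to the self-signed certificate. WEAK_EHLO is a constructed sample.

```python
import smtplib
import ssl

# EHLO reply copied from the telnet session above.
PAGE_EHLO = """250-smtp.example.com
250-PIPELINING
250-SIZE 35651584
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""
# Constructed sample: a server that offers AUTH before TLS is negotiated.
WEAK_EHLO = "250-smtp.example.com\n250-STARTTLS\n250-AUTH=PLAIN LOGIN\n250 DSN"

def parse_ehlo(raw):
    """Return {KEYWORD: params} from the raw lines of a 250 EHLO reply."""
    features = {}
    replies = [l.strip() for l in raw.splitlines() if l.strip().startswith("250")]
    for line in replies[1:]:                      # first 250 line is the server name
        # "AUTH=PLAIN LOGIN" is a legacy spelling of "AUTH PLAIN LOGIN"
        keyword, _, params = line[4:].replace("=", " ", 1).partition(" ")
        features[keyword.upper()] = params
    return features

def audit_pre_tls(features):
    """Findings for a plaintext EHLO on a TLS-enforcing submission port."""
    findings = []
    if "STARTTLS" not in features:
        findings.append("STARTTLS not advertised")
    if "AUTH" in features:
        findings.append("AUTH advertised before STARTTLS")
    return findings

def probe(host, port=587, pinned_cert=None):
    """Live check: audit the plaintext EHLO, then confirm AUTH appears after TLS."""
    ctx = ssl.create_default_context(cafile=pinned_cert)  # only this cert is trusted
    if pinned_cert:
        # Assumption: the self-signed cert may lack a subjectAltName, so only
        # the pinned certificate itself is verified, not the host name.
        ctx.check_hostname = False
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        findings = audit_pre_tls({k.upper(): v for k, v in smtp.esmtp_features.items()})
        if not findings:
            smtp.starttls(context=ctx)            # raises if the cert does not verify
            smtp.ehlo()
            if not smtp.has_extn("auth"):
                findings.append("AUTH not offered after STARTTLS")
    return findings
```

An empty list from probe("smtp.example.com", pinned_cert="smtp.example.com.crt") means the port behaves as configured.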
firewall
[~]# iptables -nL | grep 587
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:587