First intall Postfix and mailutils
apt-get install postfix mailutils
Generate certificates to be used for TLS encryption and/or certificate Authentication:
touch smtpd.key
chmod 600 smtpd.key
openssl genrsa 1024 > smtpd.key
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt # has prompts
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 # has prompts
mv smtpd.key /etc/ssl/private/
mv smtpd.crt /etc/ssl/certs/
mv cakey.pem /etc/ssl/private/
mv cacert.pem /etc/ssl/certs/
When you get this (the second promt step), you enter a pass phrase of your choice
Enter PEM pass phrase:
Configure Postfix to do TLS encryption for both incoming and outgoing mail:
postconf -e 'smtp_tls_security_level = may'
postconf -e 'smtpd_tls_security_level = may'
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = server1.example.com' # remember to change this to yours
I also recommend you do this, or you might get some problems when sending with ipv6
postconf -e 'inet_protocols = ipv4'
The new Postfix config file is located here
/etc/postfix/main.cf
Restart Postfix now with this command
/etc/init.d/postfix restart
Now you can test your setup with this command from the command line
echo "Test mail from postfix" | mail -s "Test Postfix" you@example.com
And check the log to see that all went well
tail -50 /var/log/mail.log