First install Postfix and mailutils:
apt-get install postfix mailutils
Generate certificates to be used for TLS encryption and/or certificate Authentication:
touch smtpd.key
chmod 600 smtpd.key
# 2048-bit RSA key; 1024-bit keys are too weak for TLS
openssl genrsa 2048 > smtpd.key
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt # has prompts
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 # has prompts
mv smtpd.key /etc/ssl/private/
mv smtpd.crt /etc/ssl/certs/
mv cakey.pem /etc/ssl/private/
mv cacert.pem /etc/ssl/certs/
When you get this prompt (in the second step with prompts), enter a pass phrase of your choice:
Enter PEM pass phrase:
Configure Postfix to do TLS encryption for both incoming and outgoing mail:
postconf -e 'smtp_tls_security_level = may'
postconf -e 'smtpd_tls_security_level = may'
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = server1.example.com' # remember to change this to yours
I also recommend setting this, or you might run into problems when sending over IPv6:
postconf -e 'inet_protocols = ipv4'
The new Postfix config file is located here
/etc/postfix/main.cf
Restart Postfix now with this command
/etc/init.d/postfix restart
Now you can test your setup with this command from the command line
echo "Test mail from postfix" | mail -s "Test Postfix" you@example.com
And check the log to see that all went well
tail -50 /var/log/mail.log
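To make "all went well" concrete, the following added example (not part of the original page) summarises delivery outcomes and inbound TLS sessions from mail.log. The function names mail_summary and sample_log are hypothetical, and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a Postfix mail.log.
# Counts outbound SMTP delivery results (status=...) and inbound
# connections that negotiated TLS. The page sets smtpd_tls_loglevel = 1,
# which is what makes the inbound "TLS connection established" lines appear.

# Constructed sample log lines (not taken from a real server).
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 server1 postfix/pickup[1201]: 4F2A11C0A3: uid=0 from=<root>
Jan 10 12:00:02 server1 postfix/smtp[1234]: 4F2A11C0A3: to=<you@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan 10 12:05:10 server1 postfix/smtpd[2345]: connect from mail.example.net[198.51.100.7]
Jan 10 12:05:10 server1 postfix/smtpd[2345]: Anonymous TLS connection established from mail.example.net[198.51.100.7]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 12:06:30 server1 postfix/smtp[1240]: 7B3C21C0B9: to=<other@example.org>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.example.org[203.0.113.5]:25: Connection timed out)
Jan 10 12:07:00 server1 postfix/smtpd[2350]: connect from unknown[198.51.100.9]
EOF
}

# Reads a mail log on stdin and prints one summary line.
mail_summary() {
    awk '
        # Outbound deliveries by the SMTP client: tally the status value.
        /postfix\/smtp\[[0-9]+\]:/ && match($0, /status=[a-z]+/) {
            status[substr($0, RSTART + 7, RLENGTH - 7)]++
        }
        # Every inbound connection to the SMTP server.
        /postfix\/smtpd\[[0-9]+\]: connect from / { inbound++ }
        # Inbound connections that completed a TLS handshake.
        /postfix\/smtpd\[[0-9]+\]: .*TLS connection established from / { tls_in++ }
        END {
            printf "sent=%d deferred=%d bounced=%d inbound=%d inbound_tls=%d\n",
                status["sent"], status["deferred"], status["bounced"],
                inbound, tls_in
        }'
}

# Demo on the constructed sample; on a real server run:
#   mail_summary < /var/log/mail.log
sample_log | mail_summary
```

With 'security_level = may', TLS is opportunistic, so a gap between inbound and inbound_tls means some peers connected in cleartext.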