How to Install Postfix with TLS on Ubuntu 16.04

First intall Postfix and mailutils

apt-get install postfix mailutils

Generate certificates to be used for TLS encryption and/or certificate Authentication:

touch smtpd.key
chmod 600 smtpd.key
openssl genrsa 1024 > smtpd.key
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt # has prompts
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 # has prompts
mv smtpd.key /etc/ssl/private/
mv smtpd.crt /etc/ssl/certs/
mv cakey.pem /etc/ssl/private/
mv cacert.pem /etc/ssl/certs/

When you get this (the second promt step), you enter a pass phrase of your choice

Enter PEM pass phrase:

Configure Postfix to do TLS encryption for both incoming and outgoing mail:

postconf -e 'smtp_tls_security_level = may'
postconf -e 'smtpd_tls_security_level = may'
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = server1.example.com' # remember to change this to yours

I also recommend you do this, or you might get some problems when sending with ipv6

postconf -e 'inet_protocols = ipv4'

The new Postfix config file is located here


Restart Postfix now with this command

/etc/init.d/postfix restart

Now you can test your setup with this command from the command line

echo "Test mail from postfix" | mail -s "Test Postfix" you@example.com

And check the log to see that all went well

tail -50 /var/log/mail.log

Leave a Reply

Your email address will not be published. Required fields are marked *