I have successfully configured SSL/TLS for Postfix SMTP outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed

Subject: I have successfully configured SSL/TLS for Postfix SMTP outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed


Good day from Singapore,


I have successfully configured SSL/TLS for Postfix SMTP outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed. It took me 7-8 hours to 

solve this problem. I think my boss can probably solve this problem in 10 minutes.


I have prepared this extremely short and concise guide to remind myself and everyone how to configure SSL/TLS for Postfix SMTP outgoing Linux mail server.


Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)

Country: Singapore

Date: 25 August 2021 Wed Singapore Time


Type of Publication: Plain Text


Document version: 20210825.01


===BEGINNING OF GUIDE===


Add the following lines to /etc/postfix/main.cf:


smtpd_tls_cert_file = /etc/postfix/teo-en-ming-corp.crt

smtpd_tls_key_file = /etc/postfix/teo-en-ming-corp.key

smtp_tls_security_level = may

smtpd_tls_security_level = may

smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache

smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache


Add the following lines to /etc/postfix/master.cf:


submission      inet    n       -       n       -       -       smtpd

smtps           inet    n       -       n       -       -       smtpd


Restart Postfix for changes to take effect.


# service postfix restart


Submission port is 587. SMTPS port is 465. Normal SMTP port is 25.


Add the following firewall rules to /etc/sysconfig/iptables. This is to open ports for services/daemons listening on TCP ports 25, 465, and 587.


-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT


-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT

-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT


-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT

-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT


Reload firewall rules.


# service iptables restart


Linux troubleshooting commands:


# openssl s_client -connect mail.teo-en-ming-corp.com:25 -servername mail.teo-en-ming-corp.com -starttls smtp

# openssl s_client -connect mail.teo-en-ming-corp.com:465 -servername mail.teo-en-ming-corp.com -starttls smtp

# openssl s_client -connect mail.teo-en-ming-corp.com:587 -servername mail.teo-en-ming-corp.com -starttls smtp


# openssl s_client -connect example.com:[port] -servername example.com


# telnet mail.teo-en-ming-corp.com 25

# telnet mail.teo-en-ming-corp.com 465

# telnet mail.teo-en-ming-corp.com 587


===END OF GUIDE===


You will be able to see STARTTLS in the SMTP banner for Postfix for TCP ports 25, 465 and 587 if you do a Telnet to your mail server.


If there are corrections and/or additions to this guide, I will post back here.


Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 25 August 2021, is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant

with a System Integrator (SI)/computer firm in Singapore. He is an IT enthusiast.





REFERENCES

===========


[1] https://marc.info/?l=postfix-users&m=162990340109548&w=2


[2] https://mta.openssl.org/pipermail/openssl-users/2021-August/014155.html


Comments

Post a Comment

Popular posts from this blog

[24 Mar 2022 Thursday] Erectile Dysfunction and Viagra

Image
Subject: [24 Mar 2022 Thursday] Erectile Dysfunction and Viagra I have erectile dysfunction due to taking medications for mental illness (schizophrenia). Without Viagra, my penis is soft like jelly most of the time. There is no way I can penetrate a woman’s vagina due to erectile dysfunction. Today is the very 1st time I am taking Viagra. It allows my penis to remain hard and fully erected for 2 solid hours during sexual intercourse. Thanks Viagra! I can finally have sex! I am already 44 years old. What am I missing out in life?????? Do I still qualify to be a Japanese Adult Video (JAV) porn star actor???????? Link:  https://m.facebook.com/story.php?story_fbid=10158113552827735&id=646397734
Read more

Patching Linux Kernel 5.5.7 to Add Support for AUFS Filesystem

Subject of Hint: Patching Linux Kernel 5.5.7 to Add Support for AUFS Filesystem ORIGINAL AUTHOR: JIMMY ANDERSON ORIGINAL DATE: 2013-01-20 EDITED BY: TURRITOPSIS DOHRNII TEO EN MING, SINGAPORE EDIT DATE: 15 MAR 2020 SUNDAY MANDATORY PREREQUISITES ======================= You *MUST* follow the guide/hint here first (COMPULSORY): http://lists.linuxfromscratch.org/pipermail/hints/2020-March/003334.html HINT ==== To obtain the aufs5 kernel patches, do the following:   $ sudo apt install git #------------ Cut and Paste start cd $LFS/sources git clone git://github.com/sfjro/aufs5-standalone.git \ aufs5-standalone.git cd aufs5-standalone.git git checkout -b origin/aufs5.5 cp aufs5-*.patch .. rm -f include/uapi/linux/Kbuild tar cvfz $LFS/sources/aufs5.tar.gz Documentation fs include cd .. rm -rf aufs5-standalone.git #------------ Cut and Paste end Rebuilding your kernel ======================    Follow the instructions in the LFS/BLFS book and build your LF
Read more