4

How do you set up TLS for Postfix on Ubuntu? I've recently switched from sendmail to postfix and the emails sent by our website no longer have TLS from what I can tell on gmail, it's showing the broken padlock:


I've checked our /etc/postfix/main.cf and these are the settings I have:

# TLS parameters
smtpd_tls_cert_file=/etc/nginx/certificates/goDaddy-10-15/example.chain.crt
smtpd_tls_key_file=/etc/nginx/certificates/goDaddy-10-15/example.key;
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Do I need to generate a different certificate for postfix? At the moment I've set it up to use the same one our website uses.

Holly
  • 155

1 Answer

9

Remove smtpd_use_tls=yes, and put the following lines instead:

smtp_tls_security_level = may
smtpd_tls_security_level = may
Artex
  • 163
  • 1
    thanks I'll try that but what does may mean? – Holly Jan 25 '17 at 11:59
  • 1
    according to the POSTFIX manual, http://www.postfix.org/postconf.5.html#smtpd_tls_security_level

    Specify one of the following security levels: none TLS will not be used.

    may Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.

    encrypt Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption.

    – Artex Jan 25 '17 at 12:22
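
An added example, not part of the answer above or of Postfix itself: a small checker run over the question's main.cf excerpt. It separates the client-side smtp_ parameters (mail Postfix sends) from the server-side smtpd_ ones and also flags the trailing ';' on the key path; the function names, and the assumption that parameters missing from the file keep Postfix's stock defaults, belong to this example.

```python
# Constructed sample: the main.cf excerpt from the question, verbatim.
QUESTION_CF = """\
# TLS parameters
smtpd_tls_cert_file=/etc/nginx/certificates/goDaddy-10-15/example.chain.crt
smtpd_tls_key_file=/etc/nginx/certificates/goDaddy-10-15/example.key;
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
"""
# The same excerpt with the answer's change applied and the ';' dropped.
FIXED_CF = QUESTION_CF.replace("example.key;", "example.key").replace(
    "smtpd_use_tls=yes", "smtp_tls_security_level = may\nsmtpd_tls_security_level = may")

def parse_main_cf(text):
    """Parse main.cf text into {name: value}; a later setting overrides an earlier one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank lines and comments
        if line[0].isspace() and last:    # leading whitespace continues the previous value
            params[last] = (params[last] + " " + line.strip()).strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def audit_tls(text):
    """Return [(parameter, finding)] for TLS settings, judged from the file alone.
    Assumption: parameters absent from the file have Postfix's stock defaults."""
    p, findings = parse_main_cf(text), []
    # smtp_* configures Postfix as a client (mail it sends, e.g. to Gmail);
    # smtpd_* configures it as a server (mail it receives).
    out = p.get("smtp_tls_security_level") or ("may" if p.get("smtp_use_tls") == "yes" else "none")
    if out == "none":
        findings.append(("smtp_tls_security_level", "outbound mail never attempts STARTTLS"))
    if "smtpd_use_tls" in p:
        findings.append(("smtpd_use_tls", "legacy switch; set smtpd_tls_security_level instead"))
    elif (p.get("smtpd_tls_security_level") or "none") == "none":
        findings.append(("smtpd_tls_security_level", "STARTTLS is not offered to inbound clients"))
    for name in ("smtpd_tls_cert_file", "smtpd_tls_key_file"):
        if p.get(name, "").endswith(";"):
            findings.append((name, "ends with ';' (no terminator in main.cf, so it is part of the path)"))
    return findings

if __name__ == "__main__":
    for label, cf in (("question", QUESTION_CF), ("fixed", FIXED_CF)):
        print(label, audit_tls(cf))
```
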