Mail Server : SSL/TLS Setting
2020/05/19

Configure SSL/TLS to use encrypted connections.
SMTP-Submission uses [587/TCP] (with STARTTLS), SMTPS uses [465/TCP], POP3S uses [995/TCP], IMAPS uses [993/TCP].
[1] Get SSL certificates, refer to here.
[2] Configure Postfix and Dovecot.

root@mail:~# vi /etc/postfix/
# add to the end
smtpd_use_tls = yes
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_cert_file = /etc/letsencrypt/live/
smtpd_tls_key_file = /etc/letsencrypt/live/
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

root@mail:~# vi /etc/postfix/
# line 17-20: uncomment
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes

# line 29-32: uncomment
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes

root@mail:~# vi /etc/dovecot/conf.d/10-ssl.conf
# line 6: change
ssl = yes
# line 12,13: uncomment and specify certificates
ssl_cert = </etc/letsencrypt/live/
ssl_key = </etc/letsencrypt/live/

root@mail:~# systemctl restart postfix dovecot
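
The submission entry above keeps the smtpd_tls_security_level=encrypt override commented out, and smtpd_use_tls = yes only offers STARTTLS without requiring it, so it is worth checking which SASL-enabled services demand TLS before AUTH. The check below is an added example, not part of the original page: the file contents are a constructed sample built from the settings shown above, the function names are hypothetical, and only the "-o name=value" override form is parsed.

```python
import re

# Constructed sample input mirroring the settings shown above (not a live host).
MAIN_CF = "smtpd_use_tls = yes\n"
MASTER_CF = """\
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""

def parse_main(text):
    """Return {parameter: value} for active (uncommented) main.cf lines."""
    matches = (re.match(r"(\w+)[ \t]*=[ \t]*(.*)", l) for l in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in matches if m}

def parse_master(text):
    """Return {service: {param: value}} from active -o overrides of smtpd services."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                         # blank or commented-out line
        if not line[0].isspace():            # new service entry
            f = line.split()
            current = f[0] if len(f) >= 8 and f[7] == "smtpd" else None
            if current:
                services[current] = {}
        if current:
            services[current].update(re.findall(r"-o\s+(\w+)=(\S+)", line))
    return services

def plaintext_auth_services(main_text, master_text):
    """Services that accept SASL AUTH without TLS being required first."""
    base, risky = parse_main(main_text), []
    for name, overrides in parse_master(master_text).items():
        eff = {**base, **overrides}          # -o overrides win over main.cf
        tls_required = (eff.get("smtpd_tls_security_level") == "encrypt"
                        or eff.get("smtpd_tls_wrappermode") == "yes"
                        or eff.get("smtpd_tls_auth_only") == "yes")
        if eff.get("smtpd_sasl_auth_enable") == "yes" and not tls_required:
            risky.append(name)
    return risky

print(plaintext_auth_services(MAIN_CF, MASTER_CF))
```

On a host, pass in the real file contents instead of the sample; postconf -n and postconf -M print the active main.cf parameters and master.cf entries for comparison.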

[3] For client settings (Mozilla Thunderbird):
Open the account's properties and move to [Server Settings] in the left pane, then select [STARTTLS] or [SSL/TLS] in the [Connection security] field in the right pane. (This example selects [STARTTLS].)

[4] Move to [Outgoing Server] in the left pane,
then select [STARTTLS] or [SSL/TLS] in the [Connection security] field. Also change the port to the one in use. ([STARTTLS] uses [587], [SSL/TLS] uses [465]; this example selects [STARTTLS].)