| Mail Server : SSL/TLS Setting2020/05/19 |
| Configure SSL/TLS to use encrypted connections. SMTP-Submission uses [587/TCP] (used STARTTLS), SMTPS uses [465/TCP], POP3S uses [995/TCP], IMAPS uses [993/TCP]. | |
| [1] | Get SSL certificates, refer to here. |
| [2] | Configure Postfix and Dovecot. |
| root@mail:~# vi /etc/postfix/main.cf# add to the end smtpd_use_tls = yes smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_cert_file = /etc/letsencrypt/live/mail.srv.world/fullchain.pem smtpd_tls_key_file = /etc/letsencrypt/live/mail.srv.world/privkey.pem smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache root@mail:~# vi /etc/postfix/master.cf# line 17-20: uncomment submission inet n – y – – smtpd -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes # line 29-32: uncomment smtps inet n – y – – smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes root@mail:~# vi /etc/dovecot/conf.d/10-ssl.conf# line 6: change ssl = yes# line 12,13: uncomment and specify certificates ssl_cert = </etc/letsencrypt/live/mail.srv.world/fullchain.pem ssl_key = </etc/letsencrypt/live/mail.srv.world/privkey.pemroot@mail:~# systemctl restart postfix dovecot |
[3]
For Client’s settings, ( Mozilla Thunderbird )
Open account’s property and move to [Server Settings] on the left pane, then Select [STARTTLS] or [SSL/TLS] on [Connection security] field on the right pane. (this example shows to select [STARTTLS])
| [4] | Move to [Outgoing Server] on the left pane, then Select [STARTTLS] or [SSL/TLS] on [Connection security] field. Furthermore, change port to the used port. ([STARTTLS] uses [587], [SSL/TLS] uses 465, this example shows to select [STARTTLS]) |
https://www.server-world.info/en/note?os=Ubuntu_20.04&p=mail&f=5