Postfix: Running SMTP With TLS

Hi, enabling TLS on your Postfix server is quite simple. Just add the following lines to your main.cf config file (usually /etc/postfix/main.cf):

  • smtpd_use_tls = yes (enable the TLS usage)
  • smtpd_tls_cert_file = /etc/pki/tls/certs/yourcertificate.crt (set your server certificate file)
  • smtpd_tls_key_file = /etc/pki/tls/private/yourkey.key (set your server key file)
  • smtpd_tls_loglevel = 1 (enable TLS logging*)
  • smtpd_tls_security_level = may (set TLS security level*)
  • smtpd_tls_received_header = yes (write TLS status to email header)

*) TLS logging:
The meaning of this setting's values differs between Postfix 2.9 and later and earlier versions. For example, in Postfix 2.9+ the TLS handshake is logged even if the value is 0, whereas in Postfix versions earlier than 2.9 you need to set the value to 1.

*) TLS security level:
may – if encryption is available, it will be used
encrypt – enforces encryption; any connection without TLS is refused
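
An added example (not from the original post or from the Postfix project): a small Python check that parses main.cf text (comments, continuation lines, last definition wins) and reports the effective server TLS level for the parameters listed above. The function names and the sample file are constructed for illustration; it assumes Postfix ignores parameter names it does not know, so a truncated name such as smtpd_tls_security leaves the level at may even though the admin wrote encrypt.

```python
KNOWN = {"smtpd_use_tls", "smtpd_tls_cert_file", "smtpd_tls_key_file",  # from this page
         "smtpd_tls_loglevel", "smtpd_tls_security_level",
         "smtpd_tls_received_header"}

def parse_main_cf(text):
    """Return {name: value}; handles comments, continuation lines, overrides."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                             # blank and comment lines are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()     # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip() # last definition wins
    return params

def audit_smtpd_tls(text):
    """Return (effective_level, findings) for the server-side TLS settings."""
    p = parse_main_cf(text)
    findings = [f"'{name}' looks like a truncated parameter name" for name in p
                if name not in KNOWN and any(k.startswith(name) for k in KNOWN)]
    # smtpd_tls_security_level, when set, overrides the older smtpd_use_tls.
    level = p.get("smtpd_tls_security_level")
    if level is None:
        level = "may" if p.get("smtpd_use_tls", "no").lower() == "yes" else "none"
    if level == "none":
        findings.append("TLS is not offered to SMTP clients")
    elif level == "may":
        findings.append("TLS is opportunistic: plaintext sessions are still accepted")
    # Only the certificate parameter shown on this page is checked.
    if level != "none" and not p.get("smtpd_tls_cert_file"):
        findings.append("smtpd_tls_cert_file is not set")
    return level, findings

# Constructed sample input, not taken from a real server.
SAMPLE = """\
# TLS for inbound SMTP
smtpd_use_tls = yes
smtpd_tls_cert_file =
    /etc/pki/tls/certs/yourcertificate.crt
smtpd_tls_security = encrypt
"""

print(audit_smtpd_tls(SAMPLE))
```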

You can find more information on the Postfix website.