4.6. TLS

Now we are going to configure Postfix to use TLS. If you still haven't created a self-signed certificate, do it now.

apt-get install postfix-tls

Edit /etc/postfix/main.cf and look for the part containing

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

and replace it with

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/ssl/self-signed/server.pem
smtpd_tls_key_file = $smtpd_tls_cert_file

We are telling Postfix to allow sending email without authentication from our networks (localhost) and from users who have authenticated using the SASL setup we configured previously.

Restart Postfix and try to send an email using your email client from your workstation. You will not be able to read emails yet. Just make sure that the username you are using is your full email address, that you've selected authentication for your SMTP server, and that TLS is selected.
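
With the settings above alone, a client that did not select TLS can still send its SASL password in cleartext; Postfix's smtpd_tls_auth_only = yes limits AUTH to TLS sessions. The Python check below is an added example, not part of the original guide: it flags a server that advertises AUTH before STARTTLS, using constructed EHLO replies (mail.example.org and port 25 are assumptions).

```python
import smtplib

# Constructed EHLO replies, not captured from a real server. The "AUTH=" line
# is the legacy form that broken_sasl_auth_clients = yes adds.
PLAINTEXT_EHLO = """250-mail.example.org
250-PIPELINING
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME"""
TLS_EHLO = """250-mail.example.org
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME"""

def parse_ehlo(reply):
    """Map each advertised ESMTP keyword to its list of parameters."""
    caps = {}
    for line in reply.splitlines()[1:]:  # the first line is only the greeting
        text = line[4:].strip()          # drop the "250-" / "250 " prefix
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]    # normalise the legacy form
        if text:
            keyword, *params = text.upper().split()
            caps.setdefault(keyword, []).extend(params)
    return caps

def audit(before_tls, after_tls):
    """Return findings for a server that should take SASL logins only over TLS."""
    pre, post = parse_ehlo(before_tls), parse_ehlo(after_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    if "AUTH" in pre:
        findings.append("AUTH offered before STARTTLS: " + ",".join(sorted(set(pre["AUTH"]))))
    if "AUTH" not in post:
        findings.append("AUTH not offered after STARTTLS")
    return findings

def fetch_ehlo(host, port=25):
    """Collect both EHLO replies from your own server (needs network access)."""
    def raw(s):  # smtplib keeps the reply text without the 250 codes
        return "\n".join("250-" + l for l in s.ehlo_resp.decode().splitlines())
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        before = raw(s)
        s.starttls()
        s.ehlo()
        return before, raw(s)
```

Against your own server, audit(*fetch_ehlo("mail.example.org")) should return an empty list once smtpd_tls_auth_only = yes is set and Postfix has been restarted.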