Postfix – SSL/TLS Configuration

Here you can find my PostfixSSL/TLS Configuration file for ssl-tools.net.

With this postfix main.cf config file every point is green under the website ssl-tools.

bildschirmfoto-vom-2016-11-12-12-56-16

Just add the following lines of code to the file:

vim /etc/postfix/main.cf

##### TLS settings ######

### Secure outgoing connections only ###
#smtp_tls_security_level=encrypt
smtp_tls_security_level=may
smtp_tls_cert_file=/etc/letsencrypt/live/mail.DOMAIN.de/fullchain.pem
smtp_tls_key_file=/etc/letsencrypt/live/mail.DOMAIN.de/privkey.pem
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers=high
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

### Secure incoming connections only ###
#smtpd_tls_security_level=encrypt
smtp_tls_security_level=may
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.DOMAIN.de/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.DOMAIN.de/privkey.pem
smtpd_tls_mandatory_protocols = TLSv1
smtpd_tls_mandatory_ciphers=high
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
smtpd_delay_reject = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

Scroll to Top