Postfix SMTP

Preparing for the installation

To install your Digital certificate on a Postfix server, you will need two files. First, you will need the private key that was created when you made your CSR. Second, you will need the .cer file from the ZIP file that was e-mailed to you by Trustwave® (this is your actual certificate).

Install your Trustwave® Digital Server certificate

Now that you have all three files, place them in a directory accessible by Postfix. We recommend using /etc/postfix/. Some users may want to make a directory for TLS inside the /etc/postfix/ directory.

Configuring Postfix to use TLS

Now that your certificates are on the filesystem, all that's left is a simple configuration change within your in the Postfix directory. Open the file with a suitable text editor - such as vi, nano, or pico - and add the following lines:

smtpd_use_tls = yes 
# smtpd_tls_auth_only = yes <-- Optional 
smtpd_tls_key_file = /etc/postfix/private.key 
smtpd_tls_cert_file = /etc/postfix/ 
smtpd_tls_loglevel = 1 
smtpd_tls_received_header = yes 
smtpd_tls_session_cache_timeout = 3600s 
tls_random_source = dev:/dev/urandom 

You can uncomment the smtpd_tls_auth_only line if you want to force all clients to use TLS encryption. Please remember - any clients without TLS capabilities will be rejected when they attempt to connect. Also, if you have issues with your installation, increase the smtpd_tls_loglevel to 3 so that you can see additional debugging information in your system log.

Completing the installation

All that's left to do is reload Postfix's configuration. You can normally do this by running postfix reload.

Certificate Analyzer

Once you have completed your certificate installation you can use our instant online troubleshooter to verify your installation and help resolve problems.
Certificate Analyzer→

Go Green