How to setup encrypted SMTP connection using a trusted TLS using mail relay

It is possible to make an encrypted SMTP connection using a trusted TLS  on postfix when using our mail relay services. This can be configured with a few configuration changes in your postfix configuration.


1. We can simply configure it by pointing the certificate file location in the postfix configuration.

# nano /etc/postfix/main.cf

2. Find the line starts with smtp_tls_CAfile.

3. If it is not thereby default, please add it and point the certificate file location as mentioned below and save the file:

smtp_tls_CAfile = /etc/postfix/ssl.pem

4. Create the file '/etc/postfix/ssl.pem' and add the certificate information:

# nano /etc/postfix/ssl.pem

-----BEGIN CERTIFICATE-----
MIICxzCCAjCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCENhbXBiZWxsMRswGQYDVQQK
ExJCYXJyYWN1ZGEgTmV0d29ya3MxFDASBgNVBAsTC0VuZ2luZWVyaW5nMTMwMQYD
VQQDFCpCYXJyYWN1ZGEvZW1haWxBZGRyZXNzPXNhbGVzQGJhcnJhY3VkYS5jb20w
HhcNMTEwOTI5MTQzMjU3WhcNMzEwOTI0MTQzMjU3WjCBnTELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCENhbXBiZWxsMRswGQYDVQQK
ExJCYXJyYWN1ZGEgTmV0d29ya3MxFDASBgNVBAsTC0VuZ2luZWVyaW5nMTMwMQYD
VQQDFCpCYXJyYWN1ZGEvZW1haWxBZGRyZXNzPXNhbGVzQGJhcnJhY3VkYS5jb20w
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO96EuFDTOg1phLStKpICyTkvlmy
E9VaJKOlZwbFBsEFSspy4KUYGO1gdUerPSfOjgVYA67a9vuQP9mM2b5dN4rzd3VQ
VVB7GhnftbuZhyuPPj0Zb3I0ILoJToOiN4qPeNSqGuq3Snk7T4ZybaZYgI622kJM
32xXnNX4dNFOrWopAgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG
9w0BAQUFAAOBgQDcyAs1a9kFVoIaKh6h3uSxfK9Eyb4A2JI8A8cimac8GMdNtVvt
Rd/CEFvYwQoS/w7+EpChmly/lVQUnk4uA8jDOypd+ELSdSN6E9cQaY4UK3anK80W
0mVgwHRzqY0Qgw+0rSi6zvMdK4m9Jiy+i74zHNR06bkVUaEsOGtMvUpr6w==
-----END CERTIFICATE-----

5. Save and exit the file and you are done. Restart the postfix server to take effect the changes. 

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How To Install and Use Docker on Ubuntu 16.04

Introduction Docker is an application that makes it simple and easy to run application processes...

Change Main IP of the server :: Vesta Panel

If we are changing the main IP of a server installed with Vesta panel, we can use the following...

cPanel: Apache-FastCGI Data Timeout Error

If you are using a cPanel server and have FastCGI enabled in Apache, you might be facing the...

Domainkey installer in cPanel

You can use the following cPanel script to install domainkey for an account...

Email issues :: Common Troubleshooting Steps

Here I will discuss some common errors and their solution: We are using a mail relay setup for...