Configuring TLS/SMTP Client


Since you may have configurations where other email servers require your server to authenticate when relaying mail, Postfix/TLS can also present a certificate when acting as an SMTP client. Note that you are limited to only one certificate for your SMTP client unless you set up additional SMTP transports in master.cf and configure them to use different client keys and certificates.

If you are using a self-signed server certificate, you can use the same certificate and its accompanying secret key as your client certificate. If a third-party CA signed your server certificate, it's possible that it can be used only for the SMTP server. In that case, you can generate a separate client certificate and have that signed too. Your client certificate's common name should match the hostname of your system, as specified in the myhostname parameter. Follow the same procedure that you used to create the server certificates. If you are using the same certificates, you don't have to do anything; simply configure the TLS client parameters to point to the same files as the server parameters.

The TLS patches for Postfix introduce the following parameters for dealing with TLS within the SMTP client. See the sample configuration file that comes with the TLS distribution for additional TLS parameters:

smtp_use_tls

Turns on client TLS support. Otherwise, Postfix operates as it would without the TLS patch. Example: smtp_use_tls = yes

smtp_tls_key_file

Points to the file containing the private key used in conjunction with your client-signed certificate. Example: smtp_tls_key_file = /etc/postfix/mailkey.pem

smtp_tls_cert_file

Points to the file containing your client-signed certificate. Example: smtp_tls_cert_file = /etc/postfix/mail_signed_cert.pem

smtp_tls_CAfile

Points to the file containing the public certificates identifying the CAs that signed your client certificate. Example: smtp_tls_CAfile = /etc/postfix/CAcert.pem

Assuming that you are using the same certificates that you used for your server, the procedure to enable TLS in the SMTP client is quite simple:

1. Edit main.cf and set the following parameters:

smtp_use_tls = yes
smtp_tls_key_file = /etc/postfix/mailkey.pem
smtp_tls_cert_file = /etc/postfix/mail_signed_cert.pem
smtp_tls_CAfile = /etc/postfix/cacert.pem

If there are other TLS parameters that you want to set, do so here (see the TLS patches documentation).

2. Reload Postfix so that it recognizes the changes in its main.cf configuration file:

# postfix reload

Now, when Postfix connects to an SMTP server that requests a client certificate, it will provide the necessary information.
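
A check to run before the reload in step 2, as an added example that is not from the original text: it confirms that the secret key is not accessible to group or other, that the key belongs to the certificate, and that the certificate's common name equals myhostname. The function names are hypothetical; it assumes the openssl command-line tool is installed and that the key is an unencrypted PEM file.

```shell
#!/bin/sh
# Added example: sanity checks on the SMTP client key and certificate.
# Function names are hypothetical; only openssl and POSIX tools are used.

# Public key embedded in a certificate, as PEM.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Public key derived from a private key, as PEM. The empty -passin value
# makes an encrypted key fail instead of prompting for a passphrase.
key_pubkey() {
    openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null
}

# Common name from the certificate subject.
cert_common_name() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# check_client_tls KEYFILE CERTFILE HOSTNAME
# Returns 0 only if every check passes; prints each failure to stderr.
check_client_tls() {
    key=$1; cert=$2; host=$3; rc=0

    # The secret key must not be accessible to group or other.
    perms=$(ls -lL "$key" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL: $key is missing or open to group/other" >&2; rc=1; }

    # The key must be the one the certificate was issued for.
    kp=$(key_pubkey "$key")
    { [ -n "$kp" ] && [ "$kp" = "$(cert_pubkey "$cert")" ]; } ||
        { echo "FAIL: $key does not match $cert" >&2; rc=1; }

    # The certificate's common name should equal myhostname.
    cn=$(cert_common_name "$cert" | tr 'A-Z' 'a-z')
    [ "$cn" = "$(printf '%s' "$host" | tr 'A-Z' 'a-z')" ] ||
        { echo "FAIL: certificate CN '$cn' is not '$host'" >&2; rc=1; }

    return $rc
}

# On the mail host (not run here):
#   check_client_tls "$(postconf -h smtp_tls_key_file)" \
#       "$(postconf -h smtp_tls_cert_file)" "$(postconf -h myhostname)" \
#       && postfix reload
```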

