Although Postfix (and the SMTP protocol in general) can function without any kind of encryption, enabling TLS it can be a good idea in terms of both security and privacy, so let’s look at how it can be easily done.
We’ll actually be configuring two separate types of encryption:
- Opportunistic encryption for regular SMTP (port 25), both incoming 1 and outgoing 2. “Opportunistic”, here, means that the server will ask for encryption and use it if the other side also supports it, but if it doesn’t then it’ll work without encryption. Although forcing it might sound tempting for security reasons, in reality many “smaller” servers around the world still don’t support it, so you would be unable to send or receive mail to/from those. Opportunistic TLS at least means that most “big” email services (e.g. Gmail) will communicate with you (and you with them) with encryption.
- Forced encryption for the submission service (port 587). This is used by your own users (even if it’s just you) to send mail through your server, and typically has different restrictions (e.g. it’s authenticated, but on the other hand it can be used to send mail to the outside (unlike incoming port 25 which doesn’t, as that would make it an open relay)). Both the users’ authentication that would otherwise be in clear text, and the fact that only a limited number of users (your users, too) will be accessing that port through email clients (never other email servers that you don’t control) make forcing encryption here a no-brainer.
NOTE: naturally, this is not an exhaustive Postfix tutorial. I’ll be assuming you already have a working server, and just want to add TLS encryption to it. Also, some parts may not apply to your case.
1. Have/get a TLS certificate for your email host’s public name
If you don’t already have one, see how to create a new TLS certificate. We’ll be using an RSA certificate here (instead of going with ECDSA) since unlike, say, a web server accessed by standard browsers, you can’t control what other email servers support 3, therefore it’s best to choose the most common option. 4
Note that the certificate’s CN must match your email host’s public name (e.g. “mail.domain.com“). That will also probably correspond to (one of) the domain’s MX records.
2. Postfix configuration
Again, I’ll be assuming your non-TLS Postfix is already working fine.
Put your certificate and key on /etc/postfix (for instance). For this example, I’ll be calling them myserver-full.crt and myserver.key.
In /etc/postfix/main.cf, add the following lines:
And in /etc/postfix/master.cf, assuming you already have a “submission” section a bit like this:
Add to that section:
The above forces encryption for the submission service (remember that it’s not required for normal SMTP, it’s just desired).
- your server tries to connect to others using TLS, but falls back to an unencrypted connection if the other side doesn’t support encryption;
- other servers can connect to yours using TLS, but if they don’t attempt it then the connection will be unencrypted;
- your users *must* use encryption (and authentication) to send mail through your server.
Restart your server, and check the logs: you should be getting mentions of TLS now. For instance, an email server starting an encrypted connection to yours looks like:
Sep 6 14:25:58 drax postfix/smtpd: Anonymous TLS connection established from lists.openbsd.org[126.96.36.199]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
(And what about securing mailbox access? Enjoy: How to configure TLS encryption in Dovecot)
- emails sent to your users
- when your server, after accepting a new mail from a user of yours, sends it to its destination
- For instance, a Postfix configured with only an ECDSA certificate would not be able to “talk” securely with another Postfix with only an RSA cert, and they would have to fall back to an unencrypted connection. You might solve that by adding both types of certificates to your Postfix… but, then, only the RSA cert would ever be used, meaning there would be no point in doing that anyway…
- For the curious: the main difference here is that a web server or, say, an IMAP server only talk to clients (e.g. browsers, IMAP clients, etc., all of which typically support most types of encryption), while an SMTP server also connects to/receives connections from other servers (which are restricted to encryption types supported by the key/certificate pair that they’re using). And now you know. :)