I need to get TLS set up on Postfix on my CentOS 5.7 server running Virtualmin 3.95

#1 Tue, 12/04/2012 - 09:50
PapaRaboon

Hi there,

I'm new to the forum but I have a small business running a Webmin server for a few clients and I have an issue sending email from that server.

It used to work fine but I was getting a ton of spam coming through which resulted in loads of complaints from my clients so I was advised to use the RBL zen.spamhaus.org.

Anyway, that worked great and got rid of a good 90% of the spam, and I felt like a good internet citizen; however, my clients couldn't send through that server any more on port 25 with basic SMTP auth, so my host provided me an alternative server to use to allow them to send outgoing email again.

That was great too; however, I have been told that this SMTP server they provided for me to use will no longer function in a couple of weeks, and so I need to finally get my own server to be able to send outgoing email again.

I have read that I need to enable port 587 to be able to send and use TLS with SMTP authentication.

I have port 587 sending email via telnet (localhost) but not with a mail client.

In Webmin I have found the "SMTP Authentication And Encryption" area, and I understand I will need to enable TLS in there and also I will have to generate a self-signed key and certificate combination, but I am not sure how to configure that section.

Is there a help area that covers this for a newbie like me? Or can anyone offer any advice on how I need to proceed please?

Cheers

Paul

Tue, 12/04/2012 - 10:14
andreychek

Howdy,

You can generate the SSL certs, and copy them to Postfix, by first enabling an Apache SSL cert for one of your domains. You can do that by going into Edit Virtual Server -> Enabled Features, and setting the "SSL Website" feature.

Once you do that, go into Server Configuration -> Manage SSL Certificates, and from there just click the "Copy to Postfix" button.

Doing that should allow you to use SSL on port 587.

Let us know if that does the trick for you!

-Eric

Tue, 12/04/2012 - 11:25
PapaRaboon

Hi Eric,

Wow, that was really quick.

Thanks for your help. I have just gone into my main domain which I would like to use for the TLS/SSL on the SMTP mail server; however, I have another issue.

There already is a secure certificate for one of my customers' websites (the only one on my server) and it uses the mail IP address of that server. I know, silly me!!!

So when I enable the "SSL Website" feature it complains with the following error...

The following potential problems were detected with the modification of this virtual server : SSL cannot be enabled for more than one domain on the IP address xxx.xxx.xxx.xx unless a virtual IP interface or private port is enabled, or the certificate can be used for this domain. The current certificate is only valid for : www.mycustomersdomainname etc.

I've figured out how to change the IP address but I don't know if I can change it at DNS zone file level and virtual host level and the certificate still work?

Do you know if that's possible or would I have to get Geotrust to send me a new certificate? I'm not very experienced in secure certificates and have never changed an IP address of a site that had one already running before.

Cheers again

Paul

Tue, 12/04/2012 - 14:00
andreychek

Howdy,

Your SSL cert isn't tied to an IP address. It should be no problem to change the IP of your existing Virtual Server, even if it already has an SSL cert set up for it.

To do that, you can go into Server Configuration -> Change IP Address.

Note though that it doesn't actually matter which Virtual Server you move to another IP. No matter which you move, you can still click "Copy to Postfix" on either of them.

Postfix can only have one SSL cert (where Apache can have many) -- so you'd pick one SSL cert to copy into Postfix.

-Eric
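
An added example, not part of the replies above and not Virtualmin's or Postfix's own code: a Python check to run once a certificate has been copied to Postfix, confirming that port 587 offers STARTTLS and advertises AUTH only after TLS is up. The EHLO captures and the host name `mail.example.com` are constructed samples, and `ehlo_extensions`, `audit_submission` and `probe` are hypothetical helper names.

```python
import re
import smtplib
import ssl

# Constructed EHLO replies in the shape Postfix sends on the wire.
PRE_TLS = "250-mail.example.com\n250-PIPELINING\n250-SIZE 10240000\n250-STARTTLS\n250 DSN"
POST_TLS = "250-mail.example.com\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 DSN"

def ehlo_extensions(reply):
    """Map each EHLO keyword to its parameters; the first line is the greeting."""
    exts = {}
    for line in reply.splitlines()[1:]:
        text = re.sub(r"^250[- ]", "", line).strip()  # smtplib strips this already
        if text:
            parts = re.split(r"[ =]", text, maxsplit=1)  # "AUTH=..." is also seen
            exts[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return exts

def audit_submission(pre_tls, post_tls):
    """Findings for the EHLO replies seen before and after STARTTLS."""
    before, after = ehlo_extensions(pre_tls), ehlo_extensions(post_tls)
    findings = []
    if "STARTTLS" not in before:
        findings.append("STARTTLS not offered: clients cannot encrypt the session")
    if "AUTH" in before:
        findings.append("AUTH offered before TLS: passwords may be sent unencrypted")
    if "AUTH" not in after:
        findings.append("AUTH not offered after TLS: mail clients cannot log in")
    return findings

def probe(host, port=587):
    """Fetch both EHLO replies from a live server (needs network access)."""
    ctx = ssl.create_default_context()
    # Diagnostic only, no credentials are sent: accept a self-signed or
    # other-domain certificate so the EHLO replies can still be compared.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        pre = smtp.ehlo()[1].decode()
        if not smtp.has_extn("starttls"):
            return pre, ""
        smtp.starttls(context=ctx)
        post = smtp.ehlo()[1].decode()
    return pre, post

if __name__ == "__main__":
    print(audit_submission(PRE_TLS, POST_TLS) or "submission port looks sane")
```

Against a live server, `audit_submission(*probe("your.mail.host"))` returns the same findings list; an empty list means STARTTLS and post-TLS AUTH are both in place.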
