Using the Web GUI certificate for SMTP TLS, changing MTA config file

On 04/11/2017 12:58 PM, m.erdmann(a)utwente.nl wrote:

I read in the manual that changing the TLS configuration for the SMTP
server through the GUI is available only in the 'Enterprise'
version,

We've installed a third-party (Digicert) certificate for the Web
interface. Would it be possible to modify the MTA config file to use
this Web certificate for SMTP TLS as well?

It now points to a self-signed certificate I assume:

# server side TLS configuration smtpd_tls_cert_file =
/etc/postfix/tls.pem smtpd_tls_key_file = $smtpd_tls_cert_file

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

Twitter: http://twitter.com/CipherMail

-----Original Message-----
From: m.erdmann(a)utwente.nl [m.erdmann(a)utwente.nl]
Received: Tuesday, 11 Apr 2017, 6:58AM
To: users(a)lists.djigzo.com [users(a)lists.djigzo.com]
Subject: Using the Web GUI certificate for SMTP TLS, changing MTA config file

I read in the manual that changing the TLS configuration for the SMTP server through the GUI is available only in the 'Enterprise' version,

We've installed a third-party (Digicert) certificate for the Web interface.
Would it be possible to modify the MTA config file to use this Web certificate for SMTP TLS as well?

It now points to a self-signed certificate I assume:

  # server side TLS configuration
  smtpd_tls_cert_file = /etc/postfix/tls.pem
  smtpd_tls_key_file = $smtpd_tls_cert_file

Regards,

Michel Erdmann
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

-----Original Message-----
From: Martijn Brinkers [mailto:martijn(a)ciphermail.com]
Sent: Tuesday, April 11, 2017 13:08
To: users(a)lists.djigzo.com
Cc: Erdmann, M. (LISA) <m.erdmann(a)utwente.nl>
Subject: Re: Using the Web GUI certificate for SMTP TLS, changing MTA config file

On 04/11/2017 12:58 PM, m.erdmann(a)utwente.nl wrote:

I read in the manual that changing the TLS configuration for the SMTP
server through the GUI is available only in the 'Enterprise'
version,

We've installed a third-party (Digicert) certificate for the Web
interface. Would it be possible to modify the MTA config file to use
this Web certificate for SMTP TLS as well?

It now points to a self-signed certificate I assume:

# server side TLS configuration smtpd_tls_cert_file =
/etc/postfix/tls.pem smtpd_tls_key_file = $smtpd_tls_cert_file

CipherMail gateway uses Postfix for the MTA part so configuring TLS is something Postfix specific. You are free to edit most parts of the Postfix configuration (only the after queue filter and reinjection port are required for CipherMail).

In the default Postfix main config (main.cf) the TLS config for the SMTP daemon (smtpd_tls) are commented out (using #). You can remove the comments and place the certificate and key pem on the file system and restart Postfix.

An easy way to test the TLS connection on the command line is:

openssl s_client -connect 192.168.88.110:25 -starttls smtp

where 192.168.88.110 is the IP of the SMTP server

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull.

Twitter: http://twitter.com/CipherMail

-----Original Message-----
From: users-bounces(a)lists.djigzo.com [mailto:users-bounces(a)lists.djigzo.com] On Behalf Of m.erdmann(a)utwente.nl
Sent: Tuesday, April 11, 2017 9:47 AM
To: users(a)lists.djigzo.com
Subject: Re: Using the Web GUI certificate for SMTP TLS, changing MTA config file

Thanks Dino en Martijn, got the Digicert in place now for SMTP TLS.

Met vriendelijke groet / Regards,

Michel Erdmann

-----Original Message-----
From: Martijn Brinkers [mailto:martijn(a)ciphermail.com]
Sent: Tuesday, April 11, 2017 13:08
To: users(a)lists.djigzo.com
Cc: Erdmann, M. (LISA) <m.erdmann(a)utwente.nl>
Subject: Re: Using the Web GUI certificate for SMTP TLS, changing MTA config file

On 04/11/2017 12:58 PM, m.erdmann(a)utwente.nl wrote:

I read in the manual that changing the TLS configuration for the SMTP
server through the GUI is available only in the 'Enterprise'
version,

We've installed a third-party (Digicert) certificate for the Web
interface. Would it be possible to modify the MTA config file to use
this Web certificate for SMTP TLS as well?

It now points to a self-signed certificate I assume:

# server side TLS configuration smtpd_tls_cert_file =
/etc/postfix/tls.pem smtpd_tls_key_file = $smtpd_tls_cert_file

CipherMail gateway uses Postfix for the MTA part so configuring TLS is something Postfix specific. You are free to edit most parts of the Postfix configuration (only the after queue filter and reinjection port are required for CipherMail).

In the default Postfix main config (main.cf) the TLS config for the SMTP daemon (smtpd_tls) are commented out (using #). You can remove the comments and place the certificate and key pem on the file system and restart Postfix.

An easy way to test the TLS connection on the command line is:

openssl s_client -connect 192.168.88.110:25 -starttls smtp

where 192.168.88.110 is the IP of the SMTP server

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull.

Twitter: http://twitter.com/CipherMail
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users