Using the Web GUI certificate for SMTP TLS, changing MTA config file

I read in the manual that changing the TLS configuration for the SMTP server through the GUI is available only in the 'Enterprise' version,

We've installed a third-party (Digicert) certificate for the Web interface.
Would it be possible to modify the MTA config file to use this Web certificate for SMTP TLS as well?

It now points to a self-signed certificate I assume:

  # server side TLS configuration
  smtpd_tls_cert_file = /etc/postfix/tls.pem
  smtpd_tls_key_file = $smtpd_tls_cert_file

Regards,

Michel Erdmann

CipherMail gateway uses Postfix for the MTA part so configuring TLS is
something Postfix specific. You are free to edit most parts of the
Postfix configuration (only the after queue filter and reinjection port
are required for CipherMail).

In the default Postfix main config (main.cf) the TLS config for the SMTP
daemon (smtpd_tls) are commented out (using #). You can remove the
comments and place the certificate and key pem on the file system and
restart Postfix.

An easy way to test the TLS connection on the command line is:

openssl s_client -connect 192.168.88.110:25 -starttls smtp

where 192.168.88.110 is the IP of the SMTP server

Kind regards,

Martijn Brinkers

···

On 04/11/2017 12:58 PM, m.erdmann(a)utwente.nl wrote:

I read in the manual that changing the TLS configuration for the SMTP
server through the GUI is available only in the 'Enterprise'
version,

We've installed a third-party (Digicert) certificate for the Web
interface. Would it be possible to modify the MTA config file to use
this Web certificate for SMTP TLS as well?

It now points to a self-signed certificate I assume:

# server side TLS configuration smtpd_tls_cert_file =
/etc/postfix/tls.pem smtpd_tls_key_file = $smtpd_tls_cert_file

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

I don't see why not. We do the same thing. Just modify your main.cf with your digicert certificate info.

···

-----Original Message-----
From: m.erdmann(a)utwente.nl [m.erdmann(a)utwente.nl]
Received: Tuesday, 11 Apr 2017, 6:58AM
To: users(a)lists.djigzo.com [users(a)lists.djigzo.com]
Subject: Using the Web GUI certificate for SMTP TLS, changing MTA config file

I read in the manual that changing the TLS configuration for the SMTP server through the GUI is available only in the 'Enterprise' version,

We've installed a third-party (Digicert) certificate for the Web interface.
Would it be possible to modify the MTA config file to use this Web certificate for SMTP TLS as well?

It now points to a self-signed certificate I assume:

  # server side TLS configuration
  smtpd_tls_cert_file = /etc/postfix/tls.pem
  smtpd_tls_key_file = $smtpd_tls_cert_file

Regards,

Michel Erdmann
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

Thanks Dino en Martijn, got the Digicert in place now for SMTP TLS.

Met vriendelijke groet / Regards,

Michel Erdmann

···

-----Original Message-----
From: Martijn Brinkers [mailto:martijn(a)ciphermail.com]
Sent: Tuesday, April 11, 2017 13:08
To: users(a)lists.djigzo.com
Cc: Erdmann, M. (LISA) <m.erdmann(a)utwente.nl>
Subject: Re: Using the Web GUI certificate for SMTP TLS, changing MTA config file

On 04/11/2017 12:58 PM, m.erdmann(a)utwente.nl wrote:

I read in the manual that changing the TLS configuration for the SMTP
server through the GUI is available only in the 'Enterprise'
version,

We've installed a third-party (Digicert) certificate for the Web
interface. Would it be possible to modify the MTA config file to use
this Web certificate for SMTP TLS as well?

It now points to a self-signed certificate I assume:

# server side TLS configuration smtpd_tls_cert_file =
/etc/postfix/tls.pem smtpd_tls_key_file = $smtpd_tls_cert_file

CipherMail gateway uses Postfix for the MTA part so configuring TLS is something Postfix specific. You are free to edit most parts of the Postfix configuration (only the after queue filter and reinjection port are required for CipherMail).

In the default Postfix main config (main.cf) the TLS config for the SMTP daemon (smtpd_tls) are commented out (using #). You can remove the comments and place the certificate and key pem on the file system and restart Postfix.

An easy way to test the TLS connection on the command line is:

openssl s_client -connect 192.168.88.110:25 -starttls smtp

where 192.168.88.110 is the IP of the SMTP server

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

You can also test smtp TLS from this website:

http://www.checktls.com/perl/live/TestReceiver.pl

···

-----Original Message-----
From: users-bounces(a)lists.djigzo.com [mailto:users-bounces(a)lists.djigzo.com] On Behalf Of m.erdmann(a)utwente.nl
Sent: Tuesday, April 11, 2017 9:47 AM
To: users(a)lists.djigzo.com
Subject: Re: Using the Web GUI certificate for SMTP TLS, changing MTA config file

Thanks Dino en Martijn, got the Digicert in place now for SMTP TLS.

Met vriendelijke groet / Regards,

Michel Erdmann

-----Original Message-----
From: Martijn Brinkers [mailto:martijn(a)ciphermail.com]
Sent: Tuesday, April 11, 2017 13:08
To: users(a)lists.djigzo.com
Cc: Erdmann, M. (LISA) <m.erdmann(a)utwente.nl>
Subject: Re: Using the Web GUI certificate for SMTP TLS, changing MTA config file

On 04/11/2017 12:58 PM, m.erdmann(a)utwente.nl wrote:

I read in the manual that changing the TLS configuration for the SMTP
server through the GUI is available only in the 'Enterprise'
version,

We've installed a third-party (Digicert) certificate for the Web
interface. Would it be possible to modify the MTA config file to use
this Web certificate for SMTP TLS as well?

It now points to a self-signed certificate I assume:

# server side TLS configuration smtpd_tls_cert_file =
/etc/postfix/tls.pem smtpd_tls_key_file = $smtpd_tls_cert_file

CipherMail gateway uses Postfix for the MTA part so configuring TLS is something Postfix specific. You are free to edit most parts of the Postfix configuration (only the after queue filter and reinjection port are required for CipherMail).

In the default Postfix main config (main.cf) the TLS config for the SMTP daemon (smtpd_tls) are commented out (using #). You can remove the comments and place the certificate and key pem on the file system and restart Postfix.

An easy way to test the TLS connection on the command line is:

openssl s_client -connect 192.168.88.110:25 -starttls smtp

where 192.168.88.110 is the IP of the SMTP server

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users