Setting up Postfix mail server with SSL encryption, using multiple domains under the same IP. (Dimitris Tzemos)

1) Run these commands before installing postfix:

    groupadd -g 200 postfix
    useradd -u 200 -d /dev/null -s /bin/false -g postfix postfix
    groupadd -g 201 postdrop

2) Install postfix. (I installed the latest postfix version, compiling it myself; the version on slackbuilds.org does not compile under slackware current.) Since you already have postfix installed, don't do this step.

3) Install dovecot and dovecot-sieve (they are in the salix repos).

4) As root, run config-helper.sh to create the dovecot user and group (MUID=202 MGID=202):

    cd /usr/share/doc/dovecot-1.2.16/
    sh config-helper.sh

5) Create TLS/SSL certificates:

    cd /root
    openssl req -new -x509 -days 365 -nodes -out "example.cert" -keyout "example.key"

For web services, the Common Name field usually must exactly match the hostname of the system the certificate will be used on; otherwise, clients should complain about a certificate to hostname mismatch. The -days argument specifies how long the certificate will be valid for.
Example:

    Country Name (2 letter code) [AU]:DE
    State or Province Name (full name) [Some-State]:Bavaria
    Locality Name (eg, city) []:Seattle
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Salix OS
    Organizational Unit Name (eg, section) []:
    Common Name (eg, YOUR name) []:example.com
    Email Address []:postmaster@example.com

As the .key file is private, change its permissions:

    chmod 600 example.key

5.1) As root, create the folders if they don't exist:

    mkdir -p /etc/postfix/ssl/certs
    mkdir -p /etc/postfix/ssl/private/
    mkdir -p /etc/dovecot/ssl/certs
    mkdir -p /etc/dovecot/ssl/private/

Copy the keys to the folders:

    cp -a /root/example.cert /etc/postfix/ssl/postfix.cert
    cp -a /root/example.key /etc/postfix/ssl/postfix.key
    cp -a /root/example.cert /etc/postfix/ssl/certs/dovecot.pem
    cp -a /root/example.key /etc/postfix/ssl/private/dovecot.pem
    cp -a /root/example.cert /etc/dovecot/ssl/certs/dovecot.pem
    cp -a /root/example.key /etc/dovecot/ssl/private/dovecot.pem

6) Edit the following files.

6.1) /etc/postfix/main.cf

Set these as shown below. Comments go on their own line, because postfix treats a "#" that follows a value as part of the value.

    # this is an example, set it to your domain
    myhostname = simplynux.fr
    mydomain = $myhostname
    mydestination = $myhostname, localhost.$mydomain, localhost, simplynux.org salixos.org
    # you can comment this out and postfix will decide what is best
    mynetworks_style = host
    alias_maps = hash:/etc/postfix/aliases
    alias_database = hash:/etc/postfix/aliases
    home_mailbox = Maildir/
    mailbox_command = /usr/libexec/dovecot/deliver
    debug_peer_level = 2
    debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail
    newaliases_path = /usr/bin/newaliases
    mailq_path = /usr/bin/mailq
    setgid_group = postdrop

    #### add these to the end of main.cf, for ssl authentication #####
    smtpd_tls_cert_file = /etc/postfix/ssl/postfix.cert
    smtpd_tls_key_file = /etc/postfix/ssl/postfix.key
    smtpd_tls_security_level = may
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = /var/spool/postfix/private/auth
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
    smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
    smtpd_recipient_restrictions = permit_mynetworks reject_sender_login_mismatch permit_sasl_authenticated reject_unauth_destination

6.2) Edit the file /etc/postfix/aliases and change the line at the top (akuna is an example; write an existing user other than root to receive mail):

    # Person who should get root's mail. Don't receive mail as root!
    root: akuna

6.3) Edit the file /etc/postfix/virtual and add what you want at the end of the file, for example:

    webmaster@slackel.dynalias.net webmaster
    webmaster@ariadni.dynalias.net webmaster
    djemos@ariadni.dynalias.net djemos

6.4) Create the file /etc/postfix/controlled_envelope_senders and add entries to it. This is an example:

    # sender owners (SASL login names)
    djemos@ariadni.dynalias.net djemos
    webmaster@ariadni.dynalias.net webmaster,djemos

6.5) Run these commands to create or update the above files:

    newaliases
    postmap /etc/postfix/virtual
    postmap /etc/postfix/controlled_envelope_senders

6.6) Edit the file /etc/postfix/master.cf

It may be a good idea to require encryption with STARTTLS for users on the submission port.
The beginning of the file should look like this:

    smtp      inet  n       -       n       -       -       smtpd
    submission inet n       -       n       -       -       smtpd
      -o smtpd_tls_security_level=encrypt

7) Create the dovecot configuration:

    cp /etc/dovecot/dovecot-example.conf /etc/dovecot/dovecot.conf

Edit /etc/dovecot/dovecot.conf and change the lines as below:

    protocols = imap imaps pop3 pop3s
    mail_location = maildir:~/Maildir

    auth default {
      mechanisms = plain login
      passdb shadow {
      }
      userdb passwd {
      }
      socket listen {
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }

    ##
    ## IMAP specific settings
    ##
    protocol imap {
      ## the other lines inside are commented and are default
    }

    ##
    ## POP3 specific settings
    ##
    protocol pop3 {
      ## the other lines inside are commented and are default
    }

    protocol lda {
      # Address to use when sending rejection mails (e.g. postmaster@example.com).
      postmaster_address = postmaster
      # Binary to use for sending mails.
      sendmail_path = /usr/lib/sendmail
    }

Now start postfix and dovecot:

    /etc/rc.d/rc.postfix start
    /etc/rc.d/rc.dovecot start

NOTE!!! If you open port 993 for imap on the router then postfix will use ssl/tls encryption; if you open port 143 as well on the router then postfix will use starttls encryption on port 143. I think you have set it this way. Both work.

Before you do all this, copy the files you change (like /etc/postfix/aliases, main.cf, etc.) to a safe place. Always keep the old files so you can safely go back.

Have fun
Dimitris Tzemos
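
Added example (not part of the original guide and not Postfix code): a shell/awk model of how reject_sender_login_mismatch from step 6.1 decides, using the map entries from step 6.4. It assumes full-address keys only; the helper name sender_login_verdict and the temporary map path are hypothetical.

```shell
#!/bin/sh
# Added example, not Postfix code: models how reject_sender_login_mismatch
# consults smtpd_sender_login_maps. Assumption: full-address keys only.

# Constructed sample map with the same entries as step 6.4.
MAP="${TMPDIR:-/tmp}/controlled_envelope_senders.$$"
trap 'rm -f "$MAP"' EXIT
cat > "$MAP" <<'EOF'
# sender                        owners (SASL login names)
djemos@ariadni.dynalias.net     djemos
webmaster@ariadni.dynalias.net  webmaster,djemos
EOF

# sender_login_verdict MAPFILE MAIL_FROM [SASL_LOGIN]   (hypothetical helper)
# Prints REJECT when the restriction refuses the sender, or DUNNO when it
# leaves the decision to the next restriction. Empty login = not logged in.
sender_login_verdict() {
    awk -v sender="$2" -v login="${3-}" '
        BEGIN { sender = tolower(sender); login = tolower(login) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        tolower($1) == sender {
            listed = 1                          # the address has an owner entry
            owners = tolower($0)
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", owners)   # drop the key column
            n = split(owners, o, "[ \t,]+")
            for (i = 1; i <= n; i++)
                if (o[i] != "" && o[i] == login) owned = 1
        }
        END {
            if (login == "") print (listed ? "REJECT" : "DUNNO")
            else             print (owned  ? "DUNNO"  : "REJECT")
        }' "$1"
}

# Walk through the cases; the verdict is printed after each description.
while IFS='|' read -r from login what; do
    printf '%-46s %s\n' "$what" "$(sender_login_verdict "$MAP" "$from" "$login")"
done <<'EOF'
webmaster@ariadni.dynalias.net|djemos|djemos sends as webmaster (listed owner)
djemos@ariadni.dynalias.net|webmaster|webmaster sends as djemos (not an owner)
djemos@ariadni.dynalias.net||owned address, client not logged in
other@ariadni.dynalias.net|djemos|djemos sends from an unlisted address
other@example.org||unlisted address, client not logged in
EOF
```

Restrictions are evaluated in order, so with the smtpd_recipient_restrictions from step 6.1 a client matched by permit_mynetworks is accepted before this check is reached.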