Securing the mail server using SSL/TLS
SSL/TLS encryption for Postfix gives our mail server the capacity to not only authenticate remote SMTP servers but also to encrypt the e-mails that we send between our server and the receiver's server.
To configure SSL to encrypt connections, we first need to create our own personalized and specific SSL certificates.
We need to go the TLS certificates directory to create our new certificate there:
$ cd /etc/pki/tls/certs/
Then we create our first key file:
$ sudo openssl genrsa -des3 -out mailserver.key 2048
Then the tool will ask for a passphrase. We should give something strong and retype it when the tool asks us to do so.
After that we need to start using the OpenSSL tool; so if it is not installed we need to install it first:
$ sudo yum install openssl
Then we use OpenSSL to write the RSA key:
$ sudo openssl rsa -in server.key -out server.key
Then write in the passphrase that has already defined and carry on to have the key generated.
Now we move on...
