
Mailserver Self Signed Zertifikate

Zur Verifizierung und Absicherung werden Zertifikate erstellt.

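# Private keys must never be readable by other users, not even briefly.
# Create every file below with mode 0600 and restore the previous umask at
# the end, so that a shell these commands are pasted into is not left changed.
old_umask=$(umask)
umask 077

# Generate the 2048-bit RSA private key, protected by a passphrase (prompted).
# AES-256 is used for the passphrase wrapping instead of legacy 3DES (-des3).
openssl genrsa -aes256 -out usrv2.amrhein.info.key 2048
chmod 600 usrv2.amrhein.info.key

# Create the certificate signing request (CSR). The subject fields are
# prompted for; the Common Name should be the host name clients connect to.
openssl req -new -key usrv2.amrhein.info.key -out usrv2.amrhein.info.csr
# Self-sign the CSR with the server's own key (-signkey), valid for 365 days.
# SHA-256 is requested explicitly so that older OpenSSL builds do not fall
# back to a weaker default digest.
# NOTE(review): no subjectAltName is set here; clients that verify host names
# against the SAN will not accept this certificate. Confirm whether any do.
openssl x509 -req -sha256 -days 365 -in usrv2.amrhein.info.csr -signkey usrv2.amrhein.info.key -out usrv2.amrhein.info.crt

# Write an unencrypted copy of the private key. From here on this file is
# protected only by its file permissions.
openssl rsa -in usrv2.amrhein.info.key -out usrv2.amrhein.info.key.nopass
chmod 600 usrv2.amrhein.info.key.nopass
# Keep the passphrase-protected key as a backup. It stays in the working
# directory together with the CSR; move it to safe storage afterwards.
mv usrv2.amrhein.info.key usrv2.amrhein.info.key.pass
# Use the unencrypted private key under the final file name.
mv usrv2.amrhein.info.key.nopass usrv2.amrhein.info.key
chmod 600 usrv2.amrhein.info.key

# Create a CA key (passphrase prompted) and a self-signed CA certificate,
# valid for 3650 days.
# NOTE(review): the server certificate above is self-signed and was NOT issued
# by this CA, so cacert.pem cannot be used to validate it. Either sign the CSR
# with this CA or drop the CA files.
openssl req -new -x509 -sha256 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
chmod 600 cakey.pem

# Certificates are public; make them readable again after the strict umask.
chmod 644 usrv2.amrhein.info.crt cacert.pem

# Distribute the certificates and keys (mv keeps the modes set above).
mv usrv2.amrhein.info.key /etc/ssl/private/
mv usrv2.amrhein.info.crt /etc/ssl/certs/
mv cakey.pem /etc/ssl/private/
mv cacert.pem /etc/ssl/certs/

umask "$old_umask"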

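# Postfix configuration

# Only offer SMTP AUTH once the session is TLS-protected. With "no", clients
# may send their credentials over an unencrypted connection.
postconf -e 'smtpd_tls_auth_only = yes'
# Opportunistic TLS for outgoing (smtp) and incoming (smtpd) mail.
# "security_level = may" is the current spelling of the deprecated
# smtp_use_tls / smtpd_use_tls = yes switches.
postconf -e 'smtp_tls_security_level = may'
postconf -e 'smtpd_tls_security_level = may'
# Log remote servers that offer STARTTLS.
postconf -e 'smtp_tls_note_starttls_offer = yes'
# The key file is unencrypted: it must stay mode 0600 in /etc/ssl/private.
postconf -e 'smtpd_tls_key_file = /etc/ssl/private/usrv2.amrhein.info.key'
postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/usrv2.amrhein.info.crt'
# NOTE(review): cacert.pem is a separate self-signed CA. The server
# certificate was self-signed with -signkey and not issued by it, so this
# CA file does not complete the server's certificate chain.
postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
# Directory of trusted CA certificates for verifying remote SMTP servers.
postconf -e 'smtp_tls_CApath = /etc/ssl/certs'
postconf -e 'smtpd_tls_loglevel = 1'
# Record the negotiated TLS protocol and cipher in the Received: header.
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
# NOTE(review): example value; the host name should match the name the
# certificate was issued for (the key and certificate files above are named
# usrv2.amrhein.info).
postconf -e 'myhostname = mail.example.com'

# Validate the configuration first, and restart Postfix only if it passes.
postfix check && systemctl restart postfix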