Server side configuration

Before you begin

The example assumes that at least some previous hops require TLS:

Steps

  1. Open the /etc/postfix/main.cf file in a text editor.
  2. Add the following lines to the file: 
    smtpd_tls_cert_file= /opt/websense/PolicyEngine/ allcerts.cer
smtpd_tls_key_file= $smtpd_tls_cert_file
smtpd_tls_security_level = may
  3. Run the following command:
    postfix reload
    Note:
    • This sample uses the protector’s certificates. Some clients (previous hops) may require this certificate to be trusted by a known CA.
    • Optionally, a private key is included in the certificate file.
    • In this sample, the security level is set to enable TLS, but not make it mandatory. This can be changed.

    For further details, see: http://www.postfix.org/TLS_README.html and http://www.postfix.org/postconf.5.html.