Postfix SSL

Egyszerű shell script, amivel az SSL-hez szükséges tanúsítványokat generálhatunk postfix-hez és be is konfigurálja az SSL-t:

#!/bin/sh
export MY_DOMAIN="test"
#export MY_DOMAIN="test.home"
#export MY_DOMAIN="mail.domain.tld"
openssl genrsa -des3 -out ${MY_DOMAIN}.key 2048
openssl req -new -key ${MY_DOMAIN}.key -out ${MY_DOMAIN}.csr
openssl x509 -req -days 365 -in ${MY_DOMAIN}.csr -signkey ${MY_DOMAIN}.key -out ${MY_DOMAIN}.crt
openssl rsa -in ${MY_DOMAIN}.key -out ${MY_DOMAIN}.key.nopass
mv ${MY_DOMAIN}.key.nopass ${MY_DOMAIN}.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
chmod 600 ${MY_DOMAIN}.key
chmod 600 cakey.pem
mv ${MY_DOMAIN}.key /etc/ssl/private/
mv ${MY_DOMAIN}.crt /etc/ssl/certs/
mv cakey.pem /etc/ssl/private/
mv cacert.pem /etc/ssl/certs/
postconf -e "smtpd_use_tls = yes"
postconf -e "smtpd_tls_auth_only = no"
postconf -e "smtpd_tls_key_file = /etc/ssl/private/${MY_DOMAIN}.key"
postconf -e "smtpd_tls_cert_file = /etc/ssl/certs/${MY_DOMAIN}.crt"
postconf -e "smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem"
postconf -e "tls_random_source = dev:/dev/urandom"
postconf -e "myhostname = ${MY_DOMAIN}"

Ezután más csak az 587-es port nyitása szükséges a /etc/postfix/master.cf fájlban:
587       inet  n       -       -       -       -       smtpd