Configuring a cloud-based secure multi-domain web and e-mail server


Configuring TLS

See’s Postfix/dovecot SASL and SSL/TLS guide for reference.

We’ll need to start by generating some SSL certificates. I choose to use self-signed certificates. We’ll need to install genkey, which we’ll use to generate the keys.

[newuser@mail ~]$ sudo yum install crypto-utils
[newuser@mail ~]$ genkey --days 365

Running genkey can be time-consuming, depending on the encryption level requested.

When prompted, do not encrypt your private key. Provide the details requested, making sure your Common Name (Fully Qualified Domain Name) is When genkey finishes, it displays a message stating where the generated keys are stored (/etc/pki/tls/certs/ and /etc/pki/tls/private/). We’ll use these paths in configuring postfix.

We need to configure postfix to use TLS to encrypt the SASL connection.

[newuser@mail ~]$ sudo nano /etc/postfix/

and add the following at the end of the file:

# TLS Implementation
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/tls/private/
smtpd_tls_cert_file = /etc/pki/tls/certs/
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only = yes

Now, let’s reload postfix:

[newuser@mail ~]$ sudo systemctl reload postfix

Finally, let’s use the tool at to check the health of our SMTP server. My check shows now that Reverse DNS matches the SMTP banner, and that my server supports TLS.
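The same check can be run locally. The script below is an added example, not part of the original guide: it compares the capabilities the server advertises before and after STARTTLS, which is what smtpd_tls_security_level = may and smtpd_tls_auth_only = yes control. The hostname mail.example.test and the sample replies are constructed, and the last finding assumes SASL was enabled earlier in the guide.

```python
import re
import smtplib
import ssl

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a raw multi-line 250 EHLO reply."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:   # first line is the server greeting
        if not re.match(r"250[- ]", line):
            continue                              # not part of the EHLO reply
        # Keyword ends at a space, or at "=" in the legacy "AUTH=PLAIN LOGIN" form.
        keyword, *rest = re.split(r"[ =]", line[4:].strip(), maxsplit=1)
        if keyword:
            caps[keyword.upper()] = rest[0].split() if rest else []
    return caps

def audit(pre_tls, post_tls):
    """Compare capabilities seen before and after STARTTLS; return findings."""
    findings = []
    if "AUTH" in pre_tls:
        findings.append("AUTH offered in cleartext (smtpd_tls_auth_only not in effect)")
    if "STARTTLS" not in pre_tls:
        findings.append("STARTTLS not offered (check smtpd_tls_security_level)")
    elif "AUTH" not in post_tls:
        # Assumption: SASL was enabled earlier in the guide.
        findings.append("AUTH not offered after STARTTLS (SASL not enabled)")
    return findings

def live_caps(host, port=25):
    """Fetch both capability sets from a running server (needs network access)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # the guide's certificate is self-signed, so
    ctx.verify_mode = ssl.CERT_NONE   # this capability check skips chain validation
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        pre = {k.upper(): v.split() for k, v in smtp.esmtp_features.items()}
        if "STARTTLS" not in pre:
            return pre, {}
        smtp.starttls(context=ctx)
        smtp.ehlo()
        post = {k.upper(): v.split() for k, v in smtp.esmtp_features.items()}
    return pre, post

# Constructed sample replies; mail.example.test is a placeholder hostname.
PRE_TLS = "250-mail.example.test\n250-PIPELINING\n250-SIZE 10240000\n250-STARTTLS\n250 8BITMIME"
POST_TLS = "250-mail.example.test\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN\n250 8BITMIME"
LEAKY = "250-mail.example.test\n250-STARTTLS\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
```

Against a running server, audit(*live_caps("mail.example.test")) returns an empty list when the settings above are in effect.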

Let’s now configure DKIM.

2 thoughts on “Configuring a cloud-based secure multi-domain web and e-mail server”

    • Awesome! To be perfectly honest, I went with postfix because it’s been the default I’ve seen installed with Virtualmin. Why did you choose to go with exim?
