Configure Postfix to allow secure connections (Short Version)
openssl genrsa -des3 -out mail.domain.tld.key 2048
chmod 600 mail.domain.tld.key
openssl req -new -key mail.domain.tld.key -out mail.domain.tld.csr
openssl x509 -req -days 365 -in mail.domain.tld.csr -signkey mail.domain.tld.key -out mail.domain.tld.crt
openssl rsa -in mail.domain.tld.key -out mail.domain.tld.key.nopass
mv mail.domain.tld.key.nopass mail.domain.tld.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
chmod 600 mail.domain.tld.key
chmod 600 cakey.pem
mv mail.domain.tld.key /etc/ssl/private/
mv mail.domain.tld.crt /etc/ssl/certs/
mv cakey.pem /etc/ssl/private/
mv cacert.pem /etc/ssl/certs/
postconf -e ‘smtpd_tls_auth_only = no’
postconf -e ‘smtp_use_tls = yes’
postconf -e ‘smtpd_use_tls = yes’
postconf -e ‘smtp_tls_note_starttls_offer = yes’
postconf -e ‘smtpd_tls_key_file = /etc/ssl/private/mail.domain.tld.key’
postconf -e ‘smtpd_tls_cert_file = /etc/ssl/certs/mail.domain.tld.crt’
postconf -e ‘smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem’
postconf -e ‘smtpd_tls_loglevel = 1’
postconf -e ‘smtpd_tls_received_header = yes’
postconf -e ‘smtpd_tls_session_cache_timeout = 3600s’
postconf -e ‘tls_random_source = dev:/dev/urandom’
postconf -e ‘myhostname = mail.example.com’