Add the following to the /etc/postfix/main.cf file:
smtpd_tls_security_level = encrypt
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
tls_random_exchange_name = /var/lib/postfix/prng_exch
Note: smtpd_tls_ask_ccert asks, but does not require, client computers to present their public certificate to our Postfix email server. smtpd_tls_req_ccert requires client computers to present their public certificate to our Postfix email server. Neither of these directives is needed, because we do not want to require client computers to present a certificate in order to use our Postfix email server. We will not use either directive.
smtp = incoming, smtpd = outgoing.
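As an added example (not part of the original instructions), the shell functions below check main.cf-style text for the settings listed above, following Postfix's rules for comment lines, continuation lines and repeated parameters (the last assignment wins). The function names and the sample input are constructed for illustration, and `$name` expansion inside values is not handled.

```shell
#!/bin/sh
# Added example, not from the original page. Names are illustrative.

# get_param NAME: print NAME's effective value from main.cf text on stdin.
# Handles '#' comments, whitespace-led continuation lines, last-assignment-wins.
get_param() {
    awk -v want="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            if (name == want) val = (val == "" ? $0 : (val " " $0))
            next
        }
        {
            eq = index($0, "="); if (eq == 0) { name = ""; next }
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            v = substr($0, eq + 1); sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            if (name == want) val = v
        }
        END { print val }'
}

# audit_tls: read main.cf text on stdin, print one finding per line,
# return 0 if nothing is flagged, 1 otherwise.
audit_tls() {
    conf=$(cat); findings=""
    for want in smtpd_tls_security_level=encrypt smtpd_tls_auth_only=yes; do
        got=$(printf '%s\n' "$conf" | get_param "${want%%=*}")
        [ "$got" = "${want#*=}" ] || findings="${findings}${want%%=*}: expected '${want#*=}', found '${got:-unset}'
"
    done
    for p in smtpd_tls_key_file smtpd_tls_cert_file; do
        [ -n "$(printf '%s\n' "$conf" | get_param "$p")" ] || findings="${findings}$p: unset
"
    done
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Constructed sample: the level is overridden later in the file, AUTH is
# allowed without TLS, and the key file is missing.
SAMPLE_WEAK='smtpd_tls_security_level = encrypt
smtpd_tls_auth_only = no
# certificate path given on a continuation line
smtpd_tls_cert_file =
    /etc/pki/tls/certs/mail.example.com.crt
smtpd_tls_security_level = may'

printf '%s\n' "$SAMPLE_WEAK" | audit_tls || true
```

On a live host, `postconf -n | audit_tls` runs the same checks against the parameters explicitly set in main.cf as Postfix itself parses them.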
In the /etc/postfix/master.cf file, uncomment the following line to configure Postfix to listen on port 587 (SMTPs). The "s" stands for secured.
submission inet n - n - - smtpd
The ps command can be used to determine if your system is using init or systemd. If PID 1 is init, then you will use the service command. If PID 1 is systemd, then you will use the systemctl command.
If your system is using systemd, use the systemctl command to start and enable postfix.
systemctl restart postfix
systemctl status postfix
If your system is using init, use the chkconfig and service commands to start and enable postfix.
service postfix restart
service postfix status
Use Nmap to ensure port 587 is open. The Nmap output should include the following line:
587/tcp open submission