# Upgrade Postfix mail server to https

## trossachs

Can someone come back with a rough guide on what I need to upgrade the mail server to https? I already use stuff like Webmin via SSL, but am unsure how to convert Postfix. J

----------

## elgato319

I'm not sure what you mean by "upgrade postfix to https"...

postfix uses the smtp protocol, not https

In main.cf you can tell postfix to use an encrypted connection with other mailservers like this:

```
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_key_file = /etc/ssl/postfix/my.key
smtp_tls_cert_file = /etc/ssl/postfix/my.crt
smtp_tls_CAfile = /etc/ssl/postfix/my.ca
```

----------

## trossachs

I suppose the question I should have really asked is when using a webmail client such as Hastymail, what do I need to do to be able to log in securely.

----------

## .:chrome:.

do you need SMTP over SSL?

you can find all the information you need on the postfix main site: http://www.postfix.org/documentation.html

----------

## trossachs

No, I just need my webmail client to be accessible over the net via SSL (https) rather than the standard http. A new security layer needs to be added.

----------

## elgato319

Why don't you give https://yourwebmailer.domain.com a shot?

If you already use Apache and SSL is working for webmin, then it should work on other directories as well.

----------

## trossachs

Tried that but it does not work. I get the following in the maillog:

```
10.0.0.25 - - [24/Oct/2006:15:00:05 +0100] "\x80g\x01\x03" 501 375
10.0.0.25 - - [24/Oct/2006:15:00:05 +0100] "\x80g\x01\x03" 501 375 "-" "-"
10.0.0.25 - - [24/Oct/2006:15:00:05 +0100] "\x80g\x01\x03" 501 375
10.0.0.25 - - [24/Oct/2006:15:00:05 +0100] "\x80g\x01\x03" 501 375 "-" "-"
10.0.0.25 - - [24/Oct/2006:15:00:06 +0100] "\x80g\x01\x03" 501 375
10.0.0.25 - - [24/Oct/2006:15:00:06 +0100] "\x80g\x01\x03" 501 375 "-" "-"
```

----------

## elgato319

looks like ssl isn't enabled on this vhost

could you give us some more details?

which host are you accessing

show us the config files for this vhost

----------
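The request field in the log lines quoted above is not HTTP: it is the opening bytes of an SSL/TLS handshake that a plain-HTTP listener tried to parse as a request, which matches the "ssl isn't enabled on this vhost" reading. As an added example (not code from any poster in this thread), the following Python decodes Apache's escaped request field and flags such entries; the function names are this example's own, and the `GET` and `\x16\x03\x01` sample lines are constructed, while the other two are the lines quoted in the thread.

```python
import re

# Apache common/combined format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+'
)
ESCAPE_RE = re.compile(r'\\x([0-9a-fA-F]{2})|\\(.)')

SAMPLE = [
    r'10.0.0.25 - - [24/Oct/2006:15:00:05 +0100] "\x80g\x01\x03" 501 375',          # from the thread
    r'10.0.0.25 - - [24/Oct/2006:15:00:05 +0100] "\x80g\x01\x03" 501 375 "-" "-"',  # from the thread
    r'10.0.0.25 - - [24/Oct/2006:15:01:10 +0100] "GET /webmail/ HTTP/1.1" 200 5120',  # constructed
    r'10.0.0.25 - - [24/Oct/2006:15:02:00 +0100] "\x16\x03\x01" 400 226',             # constructed
]

def unescape_request(field):
    """Turn Apache's \\xHH-escaped request field back into the raw bytes received."""
    out, pos = bytearray(), 0
    for m in ESCAPE_RE.finditer(field):
        out += field[pos:m.start()].encode('latin-1', 'replace')
        if m.group(1):
            out.append(int(m.group(1), 16))                  # \xHH -> one byte
        else:
            out += m.group(2).encode('latin-1', 'replace')   # \" or \\ -> literal
        pos = m.end()
    out += field[pos:].encode('latin-1', 'replace')
    return bytes(out)

def classify(raw):
    """Return a label if the 'request' is really an SSL/TLS handshake, else None."""
    if len(raw) >= 2 and raw[0] == 0x16 and raw[1] == 0x03:
        return "TLS handshake record"
    # SSLv2-format hello: high bit of byte 0 set, 15-bit length, message type 1
    if len(raw) >= 3 and raw[0] & 0x80 and raw[2] == 0x01:
        length = ((raw[0] & 0x7F) << 8) | raw[1]
        return f"SSLv2-format ClientHello ({length} bytes)"
    return None

def find_tls_on_plain_http(lines):
    """List (client, status, label) for log entries whose request is a handshake."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        label = classify(unescape_request(m.group('request'))) if m else None
        if label:
            hits.append((m.group('host'), m.group('status'), label))
    return hits
```

Entries flagged this way mean the client spoke SSL/TLS to a listener that answered as plain HTTP, so the place to look is whether the SSL virtual host is actually active on that port.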

## Janne Pikkarainen

 *JulesF wrote:*   

> Tried that but it does not work. I get the following in the maillog:
> 
> 10.0.0.25 - - [24/Oct/2006:15:00:05 +0100] "\x80g\x01\x03" 501 375
> 
> 10.0.0.25 - - [24/Oct/2006:15:00:05 +0100] "\x80g\x01\x03" 501 375 "-" "-"
> ...

 

That might happen if your Apache SSL certificates are not properly created.

----------

## trossachs

I've recreated my ssl test certificate using this guide: http://slacksite.com/apache/certificate.html but it does not appear to work. Apache2 has got port 443 open and it is listed within Netstat, but the browser does not recognise https and will not connect. Am using Apache2 v2.0.59-r2.

SSL.conf listed below:

```
<IfDefine SSL>
<VirtualHost _default_:443>
ServerAdmin www@duda.co.uk
DocumentRoot /var/www/www.duda.co.uk
ServerName www.duda.co.uk
ScriptAlias /cgi-bin/ /usr/local/apache/share/htdocs/cgi-bin/
SSLEngine on
SSLCertificateFile    /etc/ssl/files/server.crt
#SSLCertificateKeyFile /etc/ssl/postfix/server.pem
SSLCertificateKeyFile /usr/local/apache/etc/ssl.key/server.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /var/log/apache2/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
```

The only prob is that the following line:

```
SSLCertificateKeyFile /usr/local/apache/etc/ssl.key/server.pem
```

is not available as it is not located anywhere on the server save for somewhere within the Postfix directory. I would have used it, but have a feeling that it was left over from a previous aborted Cyrus Sasl installation.

----------

