SSL SMTP on Virtualmin

By default, virtual servers are not set up to use SSL for SMTP. Following this information regarding SSL SMTP, I am just summarizing:

netstat -an | grep :465

It returns nothing, so nothing is listening on port 465. Edit master.cf:

vi /etc/postfix/master.cf

Find the lines:

#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING

And uncomment them:

smtps inet n - n - - smtpd
 -o smtpd_tls_wrappermode=yes
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o milter_macro_daemon_name=ORIGINATING

After that, restart Postfix (I also restart saslauthd; it won't hurt, but I am not sure it is necessary) and check whether port 465 is now listening:

/etc/init.d/postfix restart
/etc/init.d/saslauthd restart
netstat -an | grep :465
tcp        0      0 0.0.0.0:465                 0.0.0.0:*                   LISTEN
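
A listening port only shows that the service line is active, not that the -o overrides were uncommented with it. As an added example (not part of the original post), this shell function checks that the active smtps entry in master.cf carries the TLS wrapper and SASL overrides shown above; the function name check_smtps and the sample file are constructed for illustration.

```shell
# Audit the smtps entry of a Postfix master.cf (added example).
# Usage: check_smtps /etc/postfix/master.cf
check_smtps() {
    cf=$1
    # Print every "-o name=value" override of the active smtps service.
    # master.cf rules: comment and blank lines are ignored, a line starting
    # with whitespace continues the previous logical line.
    opts=$(awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        /^[^ \t]/  { active = ($1 == "smtps" || $1 == "465") && $2 == "inet"
                     if (active) found = 1 }
        active     { for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1) }
        END        { if (!found) exit 3 }
    ' "$cf") || { echo "FAIL: no active smtps service in $cf"; return 1; }

    rc=0
    for want in smtpd_tls_wrappermode=yes \
                smtpd_sasl_auth_enable=yes \
                smtpd_client_restrictions=permit_sasl_authenticated,reject; do
        if printf '%s\n' "$opts" | grep -qxF -- "$want"; then
            echo "ok:   -o $want"
        else
            echo "FAIL: missing -o $want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the service line was uncommented but the -o lines were
# not, so port 465 would listen without wrapper mode or the SASL-only rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
check_smtps "$sample" || echo "smtps entry is incomplete"
rm -f "$sample"
```
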

I was still getting an error in my maillog:

warning: No server certs available. TLS won't be enabled

So I needed to create a certificate. Doing this using Virtualmin is dead simple (I quote):

The simplest way to do that would be to pick a Virtual Server that exists on your server whose name you’d like on the SSL certs. Let’s assume you have a Virtual Server named “example.com”, and that’s the name you’d like on your SSL certs.

(edit: I personally used my main host website to keep things together)

Firstly, go into Edit Virtual Server, go into Enabled Features, and check “SSL website enabled”, then hit save. That’ll generate an SSL cert that is put into Apache.

The next step would be to get that cert into your mail setup.

To do that, go into Server Configuration -> Manage SSL Certificate, and click “Copy to Postfix”. That’ll set up Postfix with that new SSL cert you just created.

I don’t recall if that actually restarts Postfix… if not, you may need to manually restart it with “/etc/init.d/postfix restart”.

After this, I am able to set SMTP to use STARTTLS on port 587 with a plain password to send emails using the server 🙂