檔案名稱 | 說明 |
---|---|
cert.pem | 申請網域的憑證 |
chain.pem | Let's Encrypt 的中繼憑證(intermediate certificate) |
fullchain.pem | cert.pem 及 chain.pem 合併檔案 |
privkey.pem | 申請網域憑證的私鑰(private key),只應保留在伺服器上,不可外流 |
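# TLS parameters (Postfix main.cf)
# Replace 你申請的Domain in the paths below with the domain the certificate
# was issued for.
# NOTE(review): the paths point at /etc/letsencrypt/archive/. A standard
# certbot layout keeps the un-numbered names (privkey.pem, fullchain.pem) as
# symlinks under /etc/letsencrypt/live/<domain>/ and stores numbered copies
# (privkey1.pem, ...) in archive/. Confirm the files exist at the path used;
# live/ also follows renewals, so a reload picks up the new certificate.

# smtpd_tls_security_level -- default: empty
#   none    = TLS will not be used
#   may     = opportunistic TLS
#   encrypt = mandatory TLS encryption
# Used by Postfix 2.3 and later; replaces smtpd_use_tls=yes from 2.2 and earlier.
# Inbound side: SMTP clients connecting to this server.
# NOTE(review): set in main.cf, "encrypt" applies to every smtpd listener,
# port 25 included. RFC 3207 says a publicly referenced MX must not require
# STARTTLS, and senders without TLS will be refused. The usual split is
# "may" here plus "-o smtpd_tls_security_level=encrypt" on the submission
# service in master.cf.
smtpd_tls_security_level = encrypt
# Outbound side: this server delivering to other mail servers.
# NOTE(review): with "encrypt", mail for destinations that do not offer
# STARTTLS is deferred instead of being sent in cleartext. This level
# encrypts but does not authenticate the peer certificate; where that is
# required, use "dane" or per-destination smtp_tls_policy_maps entries.
smtp_tls_security_level = encrypt
# Log remote servers that offer STARTTLS when TLS is not already enabled for
# them (discovering servers that support TLS).
smtp_tls_note_starttls_offer = yes
# default: empty; name of the file containing the optional Postfix SMTP server
# TLS session cache.
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# default: empty; name of the file containing the optional Postfix SMTP client
# TLS session cache.
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# Certificate location
# Postfix <= 3.3: the page lists no setting for this case; the pre-3.4
# parameters take the certificate chain and the key separately:
#smtpd_tls_cert_file = /etc/letsencrypt/archive/你申請的Domain/fullchain.pem
#smtpd_tls_key_file = /etc/letsencrypt/archive/你申請的Domain/privkey.pem
# Postfix >= 3.4: one list, private key first, then its certificate chain.
# The continuation line must start with whitespace; at column 0 Postfix reads
# it as a new (invalid) parameter line and the chain is never loaded.
# privkey.pem should be readable by root only.
smtpd_tls_chain_files = /etc/letsencrypt/archive/你申請的Domain/privkey.pem,
    /etc/letsencrypt/archive/你申請的Domain/fullchain.pem

# Add SSL/TLS details (protocol, cipher) to the Received: header of incoming
# mail. Informational only: headers added by earlier hops cannot be trusted.
smtpd_tls_received_header = yes
# Announce and accept SASL AUTH only after TLS is established, so client
# credentials never cross the connection in cleartext.
smtpd_tls_auth_only = yes
# Log
# 1 = one summary line per completed TLS handshake. Levels 2 and above are
# for troubleshooting only; the highest levels dump session contents.
smtpd_tls_loglevel = 1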
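# Dovecot TLS settings.
# Replace 你申請的Domain with the domain the certificate was issued for.
# The leading "<" is required: it makes Dovecot read the file's contents
# instead of treating the value itself as the setting's data.
# NOTE(review): a standard certbot layout keeps these un-numbered file names
# as symlinks under /etc/letsencrypt/live/<domain>/; archive/ holds numbered
# copies (privkey1.pem, ...). Confirm the files exist at the path used.

# Serve the full chain (leaf + intermediate). With cert.pem alone, clients
# that do not already hold the intermediate cannot validate the server.
ssl_cert = </etc/letsencrypt/archive/你申請的Domain/fullchain.pem
# Private key for the certificate above; keep the file readable by root only.
ssl_key = </etc/letsencrypt/archive/你申請的Domain/privkey.pem
# ssl_ca is the CA list for verifying *client* certificates, not the server's
# own chain, and without "<" the path string is taken as inline PEM data.
# Left disabled; enable only for client-certificate authentication, with "<"
# and the CA that issues the client certificates.
#ssl_ca = /etc/letsencrypt/archive/你申請的Domain/fullchain.pem
# Refuse SSLv3, TLS 1.0 and TLS 1.1 handshakes.
ssl_min_protocol = TLSv1.2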
存檔後重新啟動dovecot!