{"id":123,"date":"2019-07-09T07:21:08","date_gmt":"2019-07-09T07:21:08","guid":{"rendered":"https:\/\/www.ssls.com\/knowledgebase\/?p=123"},"modified":"2025-07-16T13:55:52","modified_gmt":"2025-07-16T13:55:52","slug":"installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/","title":{"rendered":"Installing and configuring an SSL certificate on Postfix\/Dovecot mail server"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">This guide describes the ways to enable the SSL\/TLS encryption using a trusted SSL certificate for receiving secured incoming and outgoing connections on a Postfix-Dovecot server.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For testing purposes, a Comodo (<a href=\"https:\/\/www.ssls.com\/knowledgebase\/comodo-ca-rebrands-as-sectigo\">now Sectigo<\/a>) PositiveSSL certificate has been used; however, to secure your mail server, you can purchase any certificate with us as they meet your needs.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The testing was done <\/span><span style=\"font-weight: 400;\">on the following server stack:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Ubuntu 24.04<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Postfix 3.8.6<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Dovecot 2.3.21<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">If you do not have any issued (trusted) certificate yet for the hostname of your mail server, it is necessary to purchase it, <\/span><a href=\"https:\/\/www.ssls.com\/knowledgebase\/category\/CSR-generation-instructions\"><span style=\"font-weight: 400;\">generate a CSR<\/span><\/a><span style=\"font-weight: 400;\"> needed for activation and once done, <\/span><a href=\"https:\/\/www.ssls.com\/knowledgebase\/okay-so-i-ordered-an-ssl-how-do-i-get-it-to-work-on-my-domain\"><span style=\"font-weight: 400;\">activate<\/span><\/a> <span style=\"font-weight: 400;\">it.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><br \/>\nIf you have your certificate issued, you are able to <a href=\"https:\/\/www.ssls.com\/knowledgebase\/can-i-download-certificate-somewhere-on-your-site\">download it from the SSLs.com user account<\/a> or from the email (fulfillment email) received \u00a0from the Certificate Authority to the administrative contact email address you have chosen during the activation process. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">The first thing you need to do is to upload and concatenate the certificate files on the server. You can follow the actions below:<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><br \/>\n1. Upload the certificate file <em>yourdomainname.crt<\/em> to the server along with the CA bundle. Keep in mind that the CA bundle can be either in a single file (<em>example.ca-bundle<\/em>) or in separate files (<em>SectigoPublicServerAuthenticationCADVR36.crt, SectigoPublicServerAuthenticationRootR46.crt, USERTrustRSACertificationAuthority.crt <\/em>as in our case). The following files should be saved in the following way: the certificate and CA bundle files in the \/etc\/ssl\/certs\/ directory; the corresponding private key (<em>example_com.key<\/em>) in the \/etc\/ssl\/private\/ folder.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">2.<\/span><span style=\"font-weight: 400;\"> Combine the uploaded files into one using one of the commands below:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0\u00a0 2.1. Create a file with the server certificate and CA chain:<\/span><\/p>\n<p><em><strong>\u00a0 cat \/etc\/ssl\/certs\/yourdomainname.crt \/etc\/ssl\/certs\/yourdomainname.ca-bundle &gt;&gt; \/etc\/ssl\/certs\/certificate.crt<\/strong><\/em><\/p>\n<p><em><strong>\u00a0<\/strong><\/em><\/p>\n<p><em><strong>\u00a0 cat \/etc\/ssl\/certs\/yourdomainname.crt \/etc\/ssl\/certs\/SectigoPublicServerAuthenticationCADVR36.crt \/etc\/ssl\/certs\/SectigoPublicServerAuthenticationRootR46.crt \/etc\/ssl\/certs\/USERTrustRSACertificationAuthority.crt &gt;&gt; \/etc\/ssl\/certs\/certificate.crt<\/strong><\/em><\/p>\n<p><em><strong>\u00a0<\/strong><\/em><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0 2.2. One file with the combined certificate, CA chain and Private Key can be acceptable for Postfix and\u00a0 Dovecot. One of the commands below can be used to create it:<\/span><\/p>\n<p><em><strong>\u00a0 cat \/etc\/ssl\/certs\/yourdomainname.crt \/etc\/ssl\/certs\/yourdomainname.ca-bundle \/etc\/ssl\/private\/yourdomainname.key &gt;&gt; \/etc\/ssl\/certs\/certificate_and_key.crt<\/strong><\/em><\/p>\n<p><em><strong>\u00a0<\/strong><\/em><\/p>\n<p><em><strong>\u00a0 cat \/etc\/ssl\/certs\/yourdomainname.crt \/etc\/ssl\/certs\/SectigoPublicServerAuthenticationCADVR36.crt \/etc\/ssl\/certs\/SectigoPublicServerAuthenticationRootR46.crt \/etc\/ssl\/certs\/USERTrustRSACertificationAuthority.crt \/etc\/ssl\/private\/yourdomainname.key &gt;&gt; \/etc\/ssl\/certs\/certificate_and_key.crt<\/strong><\/em><\/p>\n<p><em><strong>\u00a0<\/strong><\/em><\/p>\n<p><span style=\"font-weight: 400;\">In order to check the content of the new file in question, run the following command: <\/span><\/p>\n<p><em><span style=\"font-weight: 400;\"><strong>\u00a0 cat \/etc\/ssl\/certs\/certificate.crt<\/strong> <\/span><\/em><\/p>\n<p><span style=\"font-weight: 400;\">or<\/span><\/p>\n<p><em><span style=\"font-weight: 400;\"><strong>\u00a0 cat \/etc\/ssl\/certs\/certificate_and_key.crt<\/strong><\/span><\/em><\/p>\n<p><em><strong>\u00a0<\/strong><\/em><\/p>\n<p><span style=\"font-weight: 400;\">It is necessary to check whether there are no excessive white spaces between or inside the PEM-encoded certificate and key blocks in the output. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you notice such spaces, they can be edited manually \u2013 open the file in a text editor like \u201cvi\u201d or \u201cnano\u201d and remove the odd elements.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>The editing of Postfix and Dovecot configuration files to enable SSL\/TLS on specific ports<\/strong><\/span><\/p>\n<p><span style=\"font-weight: 400;\">The process of sending and receiving mail over the Internet is a complex system of endpoint and intermediary instances (mail server and client software) labeled as mail user agents (MUA), mail submission agents (MSA), mail transfer agents (MTA) and mail delivery agents (MDA) depending on the functions they perform. Normally, an email is passed over each type of the above-mentioned parties, and different transport protocols are used on every step, namely submission protocol, Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP3) and Internet Message Access Protocol (IMAP).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The below chart shows the use of ports for specific transport protocol execution.<\/span><\/p>\n<table style=\"height: 130px;\" width=\"583\">\n<tbody>\n<tr style=\"height: 16px;\">\n<td style=\"width: 142.5px; height: 16px;\"><strong>Protocol<\/strong><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><strong>Usage<\/strong><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><strong>Plain text \/ encrypted session<\/strong><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><strong>Encrypted session only<\/strong><\/td>\n<\/tr>\n<tr style=\"height: 16px;\">\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">POP3<\/span><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">Incoming mail<\/span><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">110<\/span><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">995<\/span><\/td>\n<\/tr>\n<tr style=\"height: 16px;\">\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">IMAP<\/span><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">Incoming mail<\/span><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">143<\/span><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">993<\/span><\/td>\n<\/tr>\n<tr style=\"height: 16px;\">\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">SMTP<\/span><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">Outgoing mail<\/span><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">25<\/span><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">465<\/span><\/td>\n<\/tr>\n<tr style=\"height: 16px;\">\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">Submission<\/span><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">Outgoing mail<\/span><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><span style=\"font-weight: 400;\">587<\/span><\/td>\n<td style=\"width: 142.5px; height: 16px;\"><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">The<\/span> <a href=\"https:\/\/en.wikipedia.org\/wiki\/Opportunistic_TLS\"><span style=\"font-weight: 400;\">Opportunistic TLS<\/span><\/a><span style=\"font-weight: 400;\"> approach gives the possibility to use ports 25, 110, 143 and 587 either in the plain text (unencrypted) or secure (encrypted) mode. According to this approach, the STARTTLS command is requested when an existing active plain text session happens.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Technically, using ports 465, 993 and 995 and the way HTTP protocol is used over SSL\/TLS are similar: 1) secure ports are detached from their \u201cunsecured\u201d counterparts; 2) any data exchange can be performed after establishing an encrypted session.<\/span><\/p>\n<p><strong>NOTE:<\/strong><span style=\"font-weight: 400;\"> Although port 465 is not listed as the SMTPS port in the official standards of IANA\u2019s documentation, it is used to serve encrypted outgoing mail traffic by mail server administrators.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Both techniques described above are considered to be used in the Internet mail system nowadays. In order to secure your mail, it is better to install an SSL certificate on every mail port you are planning to use.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The steps below will help you to install your SSL certificate for both mail ports: incoming and outgoing ones:<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><br \/>\n<strong>Port 25 (SMTP with STARTTLS)<\/strong><\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Open to edit the file named <\/span><em><span style=\"font-weight: 400;\">main.cf<\/span><\/em><span style=\"font-weight: 400;\"> (Postfix configuration file). You can usually find it in the <em>\/etc\/postfix\/<\/em> directory. <\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Locate the <\/span><span style=\"font-weight: 400;\">TLS parameters <\/span><span style=\"font-weight: 400;\">section in the <\/span><em><span style=\"font-weight: 400;\">main.cf<\/span><\/em><span style=\"font-weight: 400;\"> file<\/span> <span style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">and make the changes in the following values of certain directives. See the example below:<\/span><\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">if \u00a0you save the certificate and private key in separate files:<\/span><\/p>\n<p><em><strong>\u00a0 smtpd_tls_cert_file=\/etc\/ssl\/certs\/certificate.crt<br \/>\n<\/strong><\/em><em><strong>\u00a0 smtpd_tls_key_file=\/etc\/ssl\/private\/yourdomainname.key<\/strong><\/em><\/p>\n<p><em><strong>\u00a0<\/strong><\/em><\/p>\n<p><span style=\"font-weight: 400;\">if \u00a0you save the certificate and private key in a single file:<\/span><\/p>\n<p><em><strong>\u00a0 smtpd_tls_cert_file=\/etc\/ssl\/certs\/certificate_and_key.crt<br \/>\n<\/strong><\/em><em><strong>\u00a0 smtpd_tls_key_file=$smtpd_tls_cert_file<\/strong><\/em><\/p>\n<p><em><span style=\"font-weight: 400;\"><strong>NB<\/strong>:<\/span><\/em><span style=\"font-weight: 400;\">\u00a0<\/span><span style=\"font-weight: 400;\">Make sure the incoming and outgoing encryption is specified as follows:<\/span><\/p>\n<p><strong><em> \u00a0 smtpd_use_tls = yes<\/em><\/strong><br \/>\n<em><strong>\u00a0\u00a0smtpd_tls_auth_only = yes<\/strong><\/em><br \/>\n<em><strong>\u00a0 smtpd_tls_security_level = may<\/strong><\/em><br \/>\n<em><strong>\u00a0 smtpd_tls_session_cache_database = btree:${data_directory}\/smtpd_scache<\/strong><\/em><\/p>\n<p><em><strong>\u00a0 smtp_tls_security_level = may<\/strong><\/em><br \/>\n<em><strong>\u00a0 <\/strong><strong>smtp_tls_session_cache_database = btree:${data_directory}\/smtp_scache<\/strong><\/em><\/p>\n<p>Additionally, you restrict the weak TLS protocols and ciphers:<br \/>\n<em><strong>\u00a0 <\/strong><strong>smtpd_tls_protocols = !SSLv2, !SSLv3<\/strong><\/em><br \/>\n<em><strong>\u00a0 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3<\/strong><\/em><\/p>\n<p><strong>NOTE<\/strong>: You can also add a restriction on the !TLS 1.0 !TLS 1.1 protocols.<\/p>\n<p><span style=\"font-weight: 400;\">Once done, close the <em>main.cf<\/em> file and save the changes you made.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-9081\" src=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1.jpg\" alt=\"\" width=\"612\" height=\"297\" srcset=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1.jpg 909w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1-300x146.jpg 300w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1-768x373.jpg 768w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1-150x73.jpg 150w\" sizes=\"auto, (max-width: 612px) 100vw, 612px\" \/><\/p>\n<p><strong>Ports 587 (Submission with STARTTLS) and 465 (SMTPS)<\/strong><\/p>\n<ol>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Locate the Postfix\u2019s <\/span><em><span style=\"font-weight: 400;\">master.cf<\/span><\/em><span style=\"font-weight: 400;\"> file in the \/etc\/postfix\/ directory and open it;<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">When it is opened, uncomment (or edit if needed) the next lines:<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">to open and protect port 587:<\/span><\/p>\n<p><em><strong>\u00a0 submission inet n \u00a0\u00a0\u00a0\u00a0\u00a0 &#8211; \u00a0\u00a0\u00a0\u00a0\u00a0 y \u00a0\u00a0\u00a0\u00a0\u00a0 &#8211; \u00a0\u00a0\u00a0\u00a0\u00a0 &#8211; \u00a0\u00a0\u00a0\u00a0\u00a0 smtpd<br \/>\n<\/strong><\/em><em><strong>\u00a0\u00a0\u00a0\u00a0 -o syslog_name=postfix\/submission<br \/>\n<\/strong><\/em><em><strong>\u00a0\u00a0\u00a0\u00a0 -o smtpd_tls_security_level=encrypt<br \/>\n<\/strong><\/em><span style=\"font-weight: 400;\"><em><strong>\u00a0 \u00a0 \u00a0-o smtpd_sasl_auth_enable=yes<br \/>\n-o smtpd_tls_auth_only=yes<br \/>\n<\/strong><\/em><\/span><\/p>\n<p><span style=\"font-weight: 400;\">to open and protect port 465:<\/span><\/p>\n<p><em><strong>\u00a0 smtps \u00a0\u00a0\u00a0 inet \u00a0n \u00a0\u00a0\u00a0\u00a0\u00a0 &#8211; \u00a0\u00a0\u00a0\u00a0\u00a0 y \u00a0\u00a0\u00a0\u00a0\u00a0 &#8211; \u00a0\u00a0\u00a0\u00a0\u00a0 &#8211; \u00a0\u00a0\u00a0\u00a0\u00a0 smtpd<br \/>\n<\/strong><\/em><em><strong>\u00a0\u00a0\u00a0 \u00a0-o syslog_name=postfix\/smtps<br \/>\n<\/strong><\/em><em><strong>\u00a0\u00a0\u00a0 \u00a0-o smtpd_tls_wrappermode=yes<br \/>\n-o smtpd_tls_security_level=encrypt<br \/>\n<\/strong><\/em><em><strong>\u00a0\u00a0\u00a0 \u00a0-o smtpd_sasl_auth_enable=yes<br \/>\n-o smtpd_tls_auth_only=yes<br \/>\n<\/strong><\/em><\/p>\n<p><strong>NOTE: <\/strong>To enhance security, you can also add these lines in both blocks:<em><strong><br \/>\n-o smtpd_relay_restrictions=permit_sasl_authenticated,reject<br \/>\n-o milter_macro_daemon_name=ORIGINATING<\/strong><\/em><\/p>\n<p><span style=\"font-weight: 400;\">Now you can close this file. <\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-9082\" src=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix2.jpg\" alt=\"\" width=\"586\" height=\"484\" srcset=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix2.jpg 942w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix2-300x248.jpg 300w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix2-768x634.jpg 768w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix2-150x124.jpg 150w\" sizes=\"auto, (max-width: 586px) 100vw, 586px\" \/><\/p>\n<p><strong>Ports 110 (POP3 with STARTTLS), 143 (IMAP with STARTTLS), 993 (IMAPS) and 995 (POP3S)<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">If you need to install an SSL certificate for Dovecot, it is essential to follow the next steps:<\/span><\/p>\n<p><span style=\"font-weight: 400;\"> 1. Open the file named <\/span><em><span style=\"font-weight: 400;\">10-ssl.conf<\/span><\/em><span style=\"font-weight: 400;\">. This file can be usually located in the <em>\/etc\/dovecot\/conf.d\/<\/em> directory.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">2. Edit the following lines:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">if \u00a0you save the certificate and private key in separate files:<\/span><\/p>\n<p><em><strong>\u00a0 ssl_cert = &lt;\/etc\/ssl\/certs\/certificate.crt<br \/>\n<\/strong><\/em><em><strong>\u00a0 ssl_key = &lt;\/etc\/ssl\/private\/yourdomainname.key<\/strong><\/em><\/p>\n<p><span style=\"font-weight: 400;\">if \u00a0you save the certificate and private key in a single file:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0 <\/span><em><strong>ssl_cert = &lt;\/etc\/ssl\/certs\/cert_and_key.crt<br \/>\n<\/strong><\/em><em><strong>\u00a0 ssl_key = &lt;\/etc\/ssl\/certs\/cert_and_key.crt<\/strong><\/em><\/p>\n<p><span style=\"font-weight: 400;\">3. Make sure that the<\/span><span style=\"font-weight: 400;\">ssl <\/span><span style=\"font-weight: 400;\">directive is set to <\/span><span style=\"font-weight: 400;\">yes<\/span><span style=\"font-weight: 400;\">:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><em><strong> ssl = yes<\/strong><\/em><\/p>\n<p><span style=\"font-weight: 400;\">4. When the changes are made, close the <\/span><em><span style=\"font-weight: 400;\">10-ssl.conf<\/span><\/em><span style=\"font-weight: 400;\"> file. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">If the steps mentioned above are made, the SSL certificate is installed for all incoming ports now.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-9083\" src=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix3.jpg\" alt=\"\" width=\"675\" height=\"160\" srcset=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix3.jpg 948w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix3-300x71.jpg 300w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix3-768x182.jpg 768w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix3-150x36.jpg 150w\" sizes=\"auto, (max-width: 675px) 100vw, 675px\" \/><\/p>\n<p><strong>Useful tips:<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">Below you can find the information regarding some additional settings which can be useful in setting up your mail server\u2019s SSL\/TLS handling. For further information, you can refer to <\/span><a href=\"http:\/\/www.postfix.org\/TLS_README.html\"><span style=\"font-weight: 400;\">Postfix<\/span><\/a><span style=\"font-weight: 400;\"> and\u00a0<\/span><a href=\"http:\/\/wiki.dovecot.org\/SSL\/DovecotConfiguration\"><span style=\"font-weight: 400;\">Dovecot<\/span><\/a> <span style=\"font-weight: 400;\">official documentation regarding this matter as well.<\/span><\/p>\n<ul>\n<li><span style=\"font-weight: 400;\">On Dovecot, when you try to log in, there is an opportunity to set the <\/span><span style=\"font-weight: 400;\">ssl <\/span><span style=\"font-weight: 400;\">directive to <\/span><span style=\"font-weight: 400;\">the required <\/span><span style=\"font-weight: 400;\">value (<\/span><em><strong>ssl=required<\/strong><\/em><span style=\"font-weight: 400;\">), which implies forcing the SSL handshake.<br \/>\n<\/span><span style=\"font-weight: 400;\">In such cases, the password will be sent in a secure way, meanwhile with <\/span><span style=\"font-weight: 400;\"><em><strong>ssl = yes<\/strong><\/em>,<\/span><span style=\"font-weight: 400;\"> email clients are not requested to use SSL\/TLS in precedence. Both plaintext and non-plaintext authentication mechanisms can be applied with this setting.<br \/>\n<\/span><span style=\"font-weight: 400;\">In order to switch off the plaintext authentication mechanism, it is possible to use <\/span><span style=\"font-weight: 400;\">disable_plaintext_auth<\/span><span style=\"font-weight: 400;\"> directive (<em>\/etc\/dovecot\/conf.d\/<\/em><\/span><em><span style=\"font-weight: 400;\">10-auth.conf<\/span><\/em><span style=\"font-weight: 400;\">):<br \/>\n<\/span><em><strong>\u00a0 disable_plaintext_auth=yes<\/p>\n<p><\/strong><\/em><\/li>\n<li><span style=\"font-weight: 400;\">The following directives on Dovecot (\/etc\/dovecot\/<\/span><em><span style=\"font-weight: 400;\">dovecot.conf<\/span><\/em><span style=\"font-weight: 400;\">) can be used for eliminating the ciphers which are better not to be used due to low encryption strength:<br \/>\n<\/span><em><strong>\u00a0 ssl_dh_parameters_length = 2048<br \/>\n<\/strong><\/em><em><strong>\u00a0 ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL<\/strong><\/em><\/li>\n<li><span style=\"font-weight: 400;\">To exclude certain ciphers or protocols for opportunistic (STARTTLS) or mandatory (regular SSL) encryption, it is possible to use the following directives in \/etc\/postfix\/<\/span><em><span style=\"font-weight: 400;\">main.cf <\/span><\/em><span style=\"font-weight: 400;\">and assign the corresponding values to them:<br \/>\n<\/span><span style=\"font-weight: 400;\">&#8211; for mandatory TLS<br \/>\n<\/span><em><strong>\u00a0 smtpd_tls_mandatory_exclude_ciphers = [cipher] <\/strong><\/em><em><strong>smtpd_tls_mandatory_protocols = ![protocol]<br \/>\n<\/strong><\/em><span style=\"font-weight: 400;\">&#8211; for opportunistic TLS<br \/>\n<\/span><em><strong>smtpd_tls_exclude_ciphers = [cipher]<br \/>\n<\/strong><\/em><em><strong>smtpd_tls_protocols = ![protocol]<\/p>\n<p><\/strong><\/em><\/li>\n<li><span style=\"font-weight: 400;\">To set the server side cipher list more preferable over the client-side one, these directives can be used:<br \/>\n<\/span><span style=\"font-weight: 400;\">&#8211; on Dovecot (<em>\/etc\/dovecot\/conf.d\/<\/em><\/span><em><span style=\"font-weight: 400;\">10-ssl.conf<\/span><\/em><span style=\"font-weight: 400;\">)<br \/>\n<\/span><em><strong>\u00a0 ssl_prefer_server_ciphers = yes<br \/>\n<\/strong><\/em><span style=\"font-weight: 400;\">&#8211; on Postfix (<em>\/etc\/postfix\/<\/em><\/span><em><span style=\"font-weight: 400;\">main.cf<\/span><\/em><span style=\"font-weight: 400;\">)<br \/>\n<\/span><em><strong>\u00a0 tls_preempt_cipherlist = yes<\/p>\n<p><\/strong><\/em><\/li>\n<\/ul>\n<p><strong>How to check SSL installation<\/strong><\/p>\n<p><em><span style=\"font-weight: 400;\">OpenSSL<\/span><\/em><\/p>\n<p><span style=\"font-weight: 400;\">The OpenSSL toolkit helps to check the SSL certificate installation on a server both remotely and locally. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">In order to check STARTTLS ports, the following command should be run. Replace [port] with the port number and [protocol] with <\/span><em><span style=\"font-weight: 400;\">smtp, pop3 <\/span><\/em><span style=\"font-weight: 400;\">or<\/span><em><span style=\"font-weight: 400;\"> imap<\/span><\/em><span style=\"font-weight: 400;\"> value:<\/span><\/p>\n<p><em><strong>openssl s_client -connect example.com:[port] -servername example.com -starttls [protocol]<\/strong><\/em><\/p>\n<p><span style=\"font-weight: 400;\">In order to check non-STARTTLS ports, use the following command: <\/span><\/p>\n<p><em><strong>openssl s_client -connect example.com:[port] -servername example.com<\/strong><\/em><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9084\" src=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/dovecot_check.jpeg\" alt=\"\" width=\"1284\" height=\"777\" srcset=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/dovecot_check.jpeg 1284w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/dovecot_check-300x182.jpeg 300w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/dovecot_check-1024x620.jpeg 1024w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/dovecot_check-768x465.jpeg 768w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/dovecot_check-150x91.jpeg 150w\" sizes=\"auto, (max-width: 1284px) 100vw, 1284px\" \/><\/p>\n<p><span style=\"font-weight: 400;\"><strong>How to check your secure connection<\/strong> <\/span><\/p>\n<p><span style=\"font-weight: 400;\">In order to check your mail server connectivity over SSL\/TLS, the online checkers listed below can be used. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">You need to specify the server hostname and port number or an existing email account and run the test. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">SSL-Tools:<\/span> <a href=\"https:\/\/ssl-tools.net\/mailservers\"><span style=\"font-weight: 400;\">https:\/\/ssl-tools.net\/mailservers<\/span><\/a><span style=\"font-weight: 400;\"> \u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">CheckTLS:<\/span> <a href=\"https:\/\/www.checktls.com\/index.html\"><span style=\"font-weight: 400;\">https:\/\/www.checktls.com\/index.html<\/span><\/a><\/p>\n<p><span style=\"font-weight: 400;\">MXToolbox: <\/span><a href=\"https:\/\/mxtoolbox.com\/diagnostic.aspx\"><span style=\"font-weight: 400;\">https:\/\/mxtoolbox.com\/diagnostic.aspx<\/span><\/a><\/p>\n<p><span style=\"font-weight: 400;\">High-Tech Bridge: <\/span><a href=\"https:\/\/www.htbridge.com\/ssl\"><span style=\"font-weight: 400;\">https:\/\/www.htbridge.com\/ssl<\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This guide describes the ways to enable the SSL\/TLS encryption using a trusted SSL certificate for receiving secured incoming and outgoing connections on a Postfix-Dovecot server. For testing purposes, a Comodo (now Sectigo) PositiveSSL certificate has been used; however, to secure your mail server, you can purchase any certificate with us as they meet your ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-123","post","type-post","status-publish","format-standard","hentry","category-ssl-installation-instructions"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Installing and configuring an SSL certificate on Postfix\/Dovecot mail server \u2013 HelpDesk | SSLs.com<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Installing and configuring an SSL certificate on Postfix\/Dovecot mail server \u2013 HelpDesk | SSLs.com\" \/>\n<meta property=\"og:description\" content=\"This guide describes the ways to enable the SSL\/TLS encryption using a trusted SSL certificate for receiving secured incoming and outgoing connections on a Postfix-Dovecot server. For testing purposes, a Comodo (now Sectigo) PositiveSSL certificate has been used; however, to secure your mail server, you can purchase any certificate with us as they meet your ..Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/\" \/>\n<meta property=\"og:site_name\" content=\"SSL Certificate Knowledgebase | SSLs.com\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SSLsCom\" \/>\n<meta property=\"article:published_time\" content=\"2019-07-09T07:21:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-16T13:55:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1.jpg\" \/>\n<meta name=\"author\" content=\"sslbizdev\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@SSLscom\" \/>\n<meta name=\"twitter:site\" content=\"@SSLscom\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"sslbizdev\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/\"},\"author\":{\"name\":\"sslbizdev\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/person\/7e29a188929740c7a59d9a1c15c18806\"},\"headline\":\"Installing and configuring an SSL certificate on Postfix\/Dovecot mail server\",\"datePublished\":\"2019-07-09T07:21:08+00:00\",\"dateModified\":\"2025-07-16T13:55:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/\"},\"wordCount\":1728,\"publisher\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1.jpg\",\"articleSection\":[\"SSL Installation instructions\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/\",\"url\":\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/\",\"name\":\"Installing and configuring an SSL certificate on Postfix\/Dovecot mail server \u2013 HelpDesk | SSLs.com\",\"isPartOf\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1.jpg\",\"datePublished\":\"2019-07-09T07:21:08+00:00\",\"dateModified\":\"2025-07-16T13:55:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/#primaryimage\",\"url\":\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1.jpg\",\"contentUrl\":\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ssls.com\/knowledgebase\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Installing and configuring an SSL certificate on Postfix\/Dovecot mail server\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#website\",\"url\":\"https:\/\/www.ssls.com\/knowledgebase\/\",\"name\":\"SSL Certificate Knowledgebase | SSLs.com\",\"description\":\"SSL Knowledgebase | SSLs.com\",\"publisher\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ssls.com\/knowledgebase\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#organization\",\"name\":\"SSLs.com\",\"url\":\"https:\/\/www.ssls.com\/knowledgebase\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/8WCg7Uph_400x400-1.png\",\"contentUrl\":\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/8WCg7Uph_400x400-1.png\",\"width\":400,\"height\":400,\"caption\":\"SSLs.com\"},\"image\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/SSLsCom\",\"https:\/\/x.com\/SSLscom\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/person\/7e29a188929740c7a59d9a1c15c18806\",\"name\":\"sslbizdev\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/b43c2e48b8cf4c353e91aa8232dac0c56e490f3f1eff58a7652c7d9a866e3f66?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b43c2e48b8cf4c353e91aa8232dac0c56e490f3f1eff58a7652c7d9a866e3f66?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b43c2e48b8cf4c353e91aa8232dac0c56e490f3f1eff58a7652c7d9a866e3f66?s=96&d=mm&r=g\",\"caption\":\"sslbizdev\"},\"url\":\"https:\/\/www.ssls.com\/knowledgebase\/author\/sslbizdev\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Installing and configuring an SSL certificate on Postfix\/Dovecot mail server \u2013 HelpDesk | SSLs.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/","og_locale":"en_US","og_type":"article","og_title":"Installing and configuring an SSL certificate on Postfix\/Dovecot mail server \u2013 HelpDesk | SSLs.com","og_description":"This guide describes the ways to enable the SSL\/TLS encryption using a trusted SSL certificate for receiving secured incoming and outgoing connections on a Postfix-Dovecot server. For testing purposes, a Comodo (now Sectigo) PositiveSSL certificate has been used; however, to secure your mail server, you can purchase any certificate with us as they meet your ..Read more","og_url":"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/","og_site_name":"SSL Certificate Knowledgebase | SSLs.com","article_publisher":"https:\/\/www.facebook.com\/SSLsCom","article_published_time":"2019-07-09T07:21:08+00:00","article_modified_time":"2025-07-16T13:55:52+00:00","og_image":[{"url":"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1.jpg","type":"","width":"","height":""}],"author":"sslbizdev","twitter_card":"summary_large_image","twitter_creator":"@SSLscom","twitter_site":"@SSLscom","twitter_misc":{"Written by":"sslbizdev","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/#article","isPartOf":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/"},"author":{"name":"sslbizdev","@id":"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/person\/7e29a188929740c7a59d9a1c15c18806"},"headline":"Installing and configuring an SSL certificate on Postfix\/Dovecot mail server","datePublished":"2019-07-09T07:21:08+00:00","dateModified":"2025-07-16T13:55:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/"},"wordCount":1728,"publisher":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/#organization"},"image":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1.jpg","articleSection":["SSL Installation instructions"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/","url":"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/","name":"Installing and configuring an SSL certificate on Postfix\/Dovecot mail server \u2013 HelpDesk | SSLs.com","isPartOf":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/#primaryimage"},"image":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1.jpg","datePublished":"2019-07-09T07:21:08+00:00","dateModified":"2025-07-16T13:55:52+00:00","breadcrumb":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/#primaryimage","url":"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1.jpg","contentUrl":"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/NEWpostfix1.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.ssls.com\/knowledgebase\/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ssls.com\/knowledgebase\/"},{"@type":"ListItem","position":2,"name":"Installing and configuring an SSL certificate on Postfix\/Dovecot mail server"}]},{"@type":"WebSite","@id":"https:\/\/www.ssls.com\/knowledgebase\/#website","url":"https:\/\/www.ssls.com\/knowledgebase\/","name":"SSL Certificate Knowledgebase | SSLs.com","description":"SSL Knowledgebase | SSLs.com","publisher":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ssls.com\/knowledgebase\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.ssls.com\/knowledgebase\/#organization","name":"SSLs.com","url":"https:\/\/www.ssls.com\/knowledgebase\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/logo\/image\/","url":"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/8WCg7Uph_400x400-1.png","contentUrl":"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/8WCg7Uph_400x400-1.png","width":400,"height":400,"caption":"SSLs.com"},"image":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SSLsCom","https:\/\/x.com\/SSLscom"]},{"@type":"Person","@id":"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/person\/7e29a188929740c7a59d9a1c15c18806","name":"sslbizdev","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b43c2e48b8cf4c353e91aa8232dac0c56e490f3f1eff58a7652c7d9a866e3f66?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b43c2e48b8cf4c353e91aa8232dac0c56e490f3f1eff58a7652c7d9a866e3f66?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b43c2e48b8cf4c353e91aa8232dac0c56e490f3f1eff58a7652c7d9a866e3f66?s=96&d=mm&r=g","caption":"sslbizdev"},"url":"https:\/\/www.ssls.com\/knowledgebase\/author\/sslbizdev\/"}]}},"publishpress_future_action":{"enabled":false,"date":"2026-05-23 05:47:30","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/posts\/123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/comments?post=123"}],"version-history":[{"count":6,"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/posts\/123\/revisions"}],"predecessor-version":[{"id":9085,"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/posts\/123\/revisions\/9085"}],"wp:attachment":[{"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/media?parent=123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/categories?post=123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/tags?post=123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}