** You can buy ssl (willcard ssl) for your domain and download files
tayabkhan_com.key
STAR_tayabkhan_com.crt
server.ca-bundle
#OR
#Generate private ssl key
openssl req -new -newkey rsa:2048 -nodes -out certreq.txt -keyout private.key
mkdir -p /etc/postfix/ssl
###### vi /etc/posfix/main.cf
# tls config
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/postfix/ssl/tayabkhan_com.key
smtpd_tls_cert_file = /etc/postfix/ssl/STAR_tayabkhan_com.crt
smtpd_tls_CAfile = /etc/postfix/ssl/server.ca-bundle
##### vi /etc/postfix/master.cf
#smtp inet n - n - - smtpd
## for 587 port
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
## for 465 port
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# service postfix restart
##### vi /etc/dovecot/dovecot.conf
ssl = required
ssl_ca = </etc/pki/tls/certs/server.ca-bundle
ssl_cert = </etc/pki/tls/certs/STAR_tayabkhan_com.crt
ssl_key = </etc/pki/tls/private/tayabkhan_com.key
disable_plaintext_auth = yes
/etc/dovecot/dovecot.conf has the following line:
protocols = imap pop3 imaps pop3s
Edit the /etc/dovecot/conf.d/10-ssl.conf file in the following way:
ssl_disable = no
If you save the certificate and private key in separate files:
ssl_cert_file = </etc/ssl/certs/certificate.crt
ssl_key_file = </etc/ssl/private/yourdomainname.key
If you save the certificate and private key in a single file:
ssl_cert_file = </etc/ssl/certs/cert_and_key.crt
ssl_key_file = </etc/ssl/certs/cert_and_key.crt