Postfix on SuSE comes built with support for SSL/TLS, so all that is needed is to configure the server to allow SSL connections. First, create the server certificate as detailed in the Introduction to SSL, then copy the server key and the server certificate to the /etc/postfix directory. It is very important that you change the permissions on the server private key so that only root can read it:
chown root:root server.key
chmod 400 server.key
Edit /etc/postfix/main.cf and add the following lines to the end of the file:
# Other configurable parameters.
smtpd_tls_key_file = /etc/postfix/zen.key
smtpd_tls_cert_file = /etc/postfix/zen.pem
smtpd_tls_CAfile = /etc/postfix/CAcert.pem
smtpd_use_tls = yes
smtpd_tls_key_file is the location of the server private key.
smtpd_tls_cert_file is the location of the server certificate.
smtpd_tls_CAfile is the location of the Certificate Authority certificate (needed to verify the certificates).
smtpd_use_tls enables TLS, which is not active by default. You need to specifically tell the Postfix server that it should support TLS.
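A pre-restart check for the settings above, as an added example that is not part of the original page: it parses main.cf, confirms smtpd_use_tls is on and every configured file exists, and flags a private key that is not owned by root or is accessible to group or other. The function names and the check_owner switch are assumptions made for this example.

```python
import os
import stat

# Constructed sample: the main.cf lines shown on this page.
SAMPLE = """\
smtpd_tls_key_file = /etc/postfix/zen.key
smtpd_tls_cert_file = /etc/postfix/zen.pem
smtpd_tls_CAfile = /etc/postfix/CAcert.pem
smtpd_use_tls = yes
"""
FILE_PARAMS = ("smtpd_tls_key_file", "smtpd_tls_cert_file", "smtpd_tls_CAfile")

def parse_main_cf(text):
    """Return {name: value}; a later assignment overrides an earlier one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace() and last:     # indented line continues the previous one
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def audit_tls(main_cf_text, check_owner=True):
    """Return a list of findings; an empty list means the checks passed."""
    params, findings = parse_main_cf(main_cf_text), []
    if params.get("smtpd_use_tls", "no").lower() != "yes":
        findings.append("smtpd_use_tls is not 'yes': STARTTLS will not be offered")
    for name in FILE_PARAMS:
        path = params.get(name)
        if not path:
            findings.append(f"{name} is not set")
        elif not os.path.isfile(path):
            findings.append(f"{name}: {path} does not exist")
    key = params.get("smtpd_tls_key_file")
    if key and os.path.isfile(key):
        st = os.stat(key)
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{key}: group/other access, mode {stat.S_IMODE(st.st_mode):04o}")
        if check_owner and st.st_uid != 0:
            findings.append(f"{key}: not owned by root")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_tls(SAMPLE)) or "TLS settings look consistent")
```

On a live server, call audit_tls(open("/etc/postfix/main.cf").read()). The permission check is applied to the key file that main.cf actually names, which is the file that needs the chown and chmod.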
Once the server configuration is complete, restart Postfix and check that TLS has been activated:
justin@zen:~> telnet mail.suse.co.uk 25
Trying 10.32.0.1...
Connected to mail.suse.co.uk.
Escape character is ^]
220 mail.suse.co.uk ESMTP Postfix
EHLO zen.suse.co.uk
250-mail.suse.co.uk
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250 8BITMIME
STARTTLS
220 Ready to start TLS
The server response of "220 Ready to start TLS" after issuing the STARTTLS command signifies that the server is willing to communicate over TLS.
At this point, look at /var/log/mail to see if there are any errors.
Postfix will log a warning if a certificate cannot be loaded, or if TLS cannot be started for some reason.