# cd /etc/ssl/
# nano -w openssl.cnf

#Change the following default values for your domain:
countryName_default
stateOrProvinceName_default
localityName_default
0.organizationName_default
commonName_default
emailAddress_default.

#(If the variables are not already present, just 
# add them in a sensible place.)

cd misc
nano -w CA.pl

# (We need to add -nodes to the create a certificate and
# create a certificate request code in order to let our new ssl
# certs be loaded without a password. Otherwise when you
# reboot your ssl certs will not be available.)
# Add '-nodes' to make the following lines:
--------
# create a certificate
system ("$REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS");

# create a certificate request
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
-------- 
        
./CA.pl -newca
./CA.pl -newreq
./CA.pl -sign
cp newcert.pem /etc/postfix
cp newreq.pem /etc/postfix
cp demoCA/cacert.pem /etc/postfix

# Add the following lines to the postfix /etc/postfix/main.cf :

smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom