To build Postfix with TLS support, first we need to generate
the make(1) files with the necessary definitions. This is
done by invoking the command "make makefiles" in the Postfix
top-level directory and with arguments as shown next.
NOTE: Do not use Gnu TLS. It will spontaneously terminate
a Postfix daemon process with exit status code 2, instead of allowing
Postfix to 1) report the error to the maillog file, and to 2) provide
plaintext service where this is appropriate.
-
If the OpenSSL include files (such as ssl.h) are
in directory /usr/include/openssl, and the OpenSSL libraries
(such as libssl.so and libcrypto.so) are in
directory /usr/lib:
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_TLS" AUXLIBS="-lssl -lcrypto"
-
If the OpenSSL include files (such as ssl.h) are
in directory /usr/local/include/openssl, and the OpenSSL
libraries (such as libssl.so and libcrypto.so)
are in directory /usr/local/lib:
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_TLS -I/usr/local/include" \
AUXLIBS="-L/usr/local/lib -lssl -lcrypto"
On Solaris, specify the -R option as shown below:
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_TLS -I/usr/local/include" \
AUXLIBS="-R/usr/local/lib -L/usr/local/lib -lssl -lcrypto"
If you need to apply other customizations (such as Berkeley DB
databases, MySQL, PostgreSQL, LDAP or SASL), see the respective
Postfix README documents, and combine their "make makefiles"
instructions with the instructions above:
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_TLS \
(other -D or -I options)" \
AUXLIBS="-lssl -lcrypto \
(other -l options for libraries in /usr/lib) \
(-L/path/name + -l options for other libraries)"
To complete the build process, see the Postfix
INSTALL
instructions. Postfix has TLS support turned off by default, so
you can start using Postfix as soon as it is installed.
