On Thu, Nov 28, 2024 at 03:02:36PM +0100, Ivica Glavočić via Postfix-users
wrote:
> I wanted to enable SSL/TLS implicit encryption on port 465, in order
> to do that, I added option smtpd_tls_wrappermode = yes in main.cf
> config file, it worked.
No, it did not "work", because in main.cf it affects *all* SMTP
services, including those on ports 25 and 587 that MUST NOT
use wrapper mode. This setting goes in master.cf as a "-o ..."
smtpd(8) command-line option. It would go into main.cf ONLY
on systems that do not support either port 25 or port 587.
> Is there a way to enable implicit SSL/TLS encryption on port 465 and
> keep ip relay without authentication and encryption active?
The stock Postfix master.cf file:
https://www.postfix.org/postconf.5.html#master.5.html
includes (commented-out by default):
#submissions inet n - n - - smtpd
# -o syslog_name=postfix/submissions
# -o smtpd_forbid_unauth_pipelining=no
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o local_header_rewrite_clients=static:all
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
Uncomment, and adjust this to your needs...
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
