Dnia 28.02.2025 o godz. 20:45:01 Viktor Dukhovni via Postfix-users pisze: > > The OP can also wrap an unencrypted connection into stunnel, that should > > work. > > Mandatory STARTTLS is not unencrypted. Postfix-to-Postfix over port 587 > is not less secure than over 465. Just an extra couple of network > round-trips that don't much matter in email. Think of it as a less than > optimal TCP handshake before TLS starts.
The OP insists that he wants to use wrapper mode and not STARTTLS, so I suggested the solution to do so. Configure stunnel from for example localhost:10000 to relay_server:465, and set in Postfix config to use just localhost:10000 as a relay, without STARTTLS at all. Stunnel is a great tool when you want to make a TLS-wrapped connection from, or to, something that doesn't support TLS wrapper mode natively :) -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
