On Tue, Mar 23, 2010 at 2:32 PM, Victor Duchovni <victor.ducho...@morganstanley.com> wrote:
> On Tue, Mar 23, 2010 at 02:23:30PM -0400, Carlos Mennens wrote:
>
>> In my Postfix main.cf, I have the following TLS parameters:
>>
>> smtpd_use_tls = yes #announce STARTTLS support to SMTP clients, but do
>
> This is the Postfix 2.2 syntax. With 2.3 and later, use:
>
>     smtpd_tls_security_level = may

I updated my main.cf. Thanks!

> Note, Postfix does not support comments and configuration settings on
> the same line.

I only did the comments as I did to show my understanding of the parameters (right or wrong) but I didn't have my main.cf actually commented so. I did however learn the proper syntax by your example! Thanks!

>> smtpd_tls_loglevel = 1 #loglevel
>> smtpd_tls_cert_file = /etc/ssl/certs/mail.crt # Cert file
>> smtpd_tls_key_file = /etc/ssl/private/mail.key # Key file
>> smtpd_tls_security_level = may # ?
>
> Use this instead of "smtpd_use_tls".

Noted.

>> smtpd_tls_auth_only = yes # ?
>
> Disable SASL authentication for un-encrypted connections.

I am guessing I only have the above since 'smtpd_tls_security_level = may' is set and not mandatory, correct? If I configured that 'may' to 'encrypt', then there is no reason to 'disable SASL authentication for un-encrypted connections' as you noted, right?

So would this look correct to you in main.cf:

# SASL settings
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous

# TLS settings
smtpd_tls_security_level = encrypt
smtpd_tls_key_file = /etc/ssl/mail.key
smtpd_tls_cert_file = /etc/ssl/mail.crt
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
#?? smtpd_tls_auth_only = yes ??

Do I enable the last parameter for SASL authentication if I changed 'may' to 'encrypt'? Do you see me missing anything?
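
Added example, not part of the thread and not Postfix's own code: a small main.cf check for the three points discussed in this message (comments on the same line as a setting, the Postfix 2.2 `smtpd_use_tls` syntax, and whether SASL AUTH can be offered without TLS). The function names and the two sample configurations are constructed for illustration, and legacy TLS parameters other than `smtpd_use_tls` are not modelled.

```python
import re

def parse_main_cf(text):
    """Return {name: value} from main.cf text (constructed, simplified parser)."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or full-line comment
        if raw[0].isspace():              # leading whitespace continues the value
            if current:
                params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()   # a later setting overrides an earlier one
    return params

def audit(text):
    """Flag the main.cf issues raised in the thread; returns a list of strings."""
    p = parse_main_cf(text)
    findings = []
    for name, value in p.items():
        if re.search(r"\s#", value):
            findings.append(f"{name}: text after '#' is read as part of the value")
    if "smtpd_use_tls" in p:
        findings.append("smtpd_use_tls: Postfix 2.2 syntax, use smtpd_tls_security_level")
    tls_required = p.get("smtpd_tls_security_level") == "encrypt"
    auth_only = p.get("smtpd_tls_auth_only") == "yes"
    if p.get("smtpd_sasl_auth_enable") == "yes" and not (tls_required or auth_only):
        findings.append("SASL AUTH can be offered on an unencrypted connection")
    return findings

# Constructed sample inputs based on the settings quoted in the thread.
BEFORE = """\
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes #announce STARTTLS support
smtpd_tls_loglevel = 1 #loglevel
smtpd_tls_security_level = may
"""
AFTER = """\
# SASL settings
smtpd_sasl_auth_enable = yes
# TLS settings
smtpd_tls_security_level = encrypt
smtpd_tls_loglevel = 1
"""

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg) or "no findings")
```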