On 2015-04-06 14:27, Muhammad Yousuf Khan wrote:
in light of your above suggestions. i enabled
smtp inet n - - - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
main.cf [2], i enabled "smtpd_tls_security_level=encrypt" (i know
master.cf [1] entry will override but i set encryption in both files)
You are now again enforcing TLS encrypted connections on port 25.
Set "smtpd_tls_security_level=may" in main.cf to enable opportunistic
TLS mode and override this setting to force TLS only on the submission
service as you have already done.
http://www.postfix.org/postconf.5.html#smtpd_tls_security_level
-c
