On 4/9/2015 6:13 AM, Muhammad Yousuf Khan wrote: > Thanks Neol you cleared my big confusion i thought 25 is for MTA and > 587 will never receive email from MTA. thanks for that.
Other MTAs will always connect to port 25; smtpd_tls_security_level must be set to "may" on port 25, or as the main.cf setting. Port 587 will only be used by clients, unauthenticated connections should be rejected; -o smtpd_tls_security_level=encrypt should be set on the master.cf submission service to require TLS from clients. Clients may also connect to port 25 if your local policy allows it, although most sites require clients use 587. So you can set main.cf "smtpd_tls_auth_only = yes" to require that clients use TLS before they can use AUTH. > > now one last question. > > my master.cf <http://master.cf> has set > -o smtpd_tls_security_level=encrypt I'm going to assume this override is under the "submission" service. Too bad you left out that important detail. > > > it is said that when parameters are set in master.cf > <http://master.cf> they override main.cf <http://main.cf> parameter. Yes, that is correct, but only for the service the parameter appears under. > > now i set. main.cf <http://main.cf> parameters. > smtp_tls_security_level=may > smtpd_tls_security_level=may The main.cf parameter sets the security level for services in master.cf that do not have an -o override, such as the "smtp" service that listens on port 25, and your content_filter listener on 10025. > > > i believe that if master.cf <http://master.cf> parameter set as "-o > smtpd_tls_security_level=encrypt" it should throw the same error as > if this parameter set in main.cf <http://main.cf> > however now my mails are properly working and master.cf > <http://master.cf> not overriding it. The master.cf -o overrides are only used by the services they appear under. -- Noel Jones
