On 3/13/2017 1:18 PM, Jeronimo L. Cabral wrote:
> Dear, I want mail clients to send messages to Internet through an
> own mail relay Postfix as smtpd server (not as client), let's say:
>
> Mail client ---STARTTLS ---- Postfix listening on Port TCP/25 ---
> Internet SMTP servers
>
> Also, I don't need authentication to send mails from the Postfix
> mail relay.
>
> In /etc/postfix/main.cf I setup:
>
> # TLS parameters for smtpd
>
> smtpd_tls_cert_file=/etc/postfix/SSL/MailRelay-server-public.crt
>
> smtpd_tls_key_file=/etc/postfix/SSL/MailRelay-server-private.pem
>
> smtpd_use_tls=yes

postfix requires spaces around the " = " in the above parameters in main.cf

Note that "smtpd_use_tls" is a deprecated parameter. The correct/current parameter for postfix 2.3 and newer is smtpd_tls_security_level. You didn't mention which version of postfix you're using, but hopefully you're not stuck on a 10 year old version, or using a 10 year old how-to.

http://www.postfix.org/TLS_README.html#client_tls
http://www.postfix.org/postconf.5.html#smtp_tls_security_level

> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

The TLS session cache is no longer necessary or desirable. Remove these two parameters to allow openssl to automatically use session tickets, which are better than the cache.

> smtpd_tls_loglevel = 2

Use a loglevel of 0 or 1. Loglevels above 1 will bury the important and useful log entries.

> tls_random_source = dev:/dev/urandom
>
> smtpd_tls_session_cache_timeout = 3600s

Since you're not using cache, you can remove this entry too.

> smtpd_tls_CApath = /etc/ssl/certs
>
> Is this configuration Ok in order to let Postfix accept STARTTLS
> connections from clients ???
>
> Thanks a lot,
>
> Jelo

-- Noel Jones
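
Added example, not part of the original messages and not Postfix code: a small main.cf checker that flags the parameters the reply above says to replace, remove, or lower. The function names and the FIXED sample are this example's own; its smtpd_tls_security_level = may (opportunistic STARTTLS, the replacement for smtpd_use_tls = yes) is an assumed choice.

```python
# Advice strings paraphrase the reply above; names here are illustrative.
REMOVE = {
    "smtpd_use_tls": "deprecated; set smtpd_tls_security_level instead",
    "smtpd_tls_session_cache_database": "drop; session tickets replace the cache",
    "smtp_tls_session_cache_database": "drop; session tickets replace the cache",
    "smtpd_tls_session_cache_timeout": "drop; only relevant with the cache",
}

def parse_main_cf(text):
    """Return {name: value}, handling comments and continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank line or comment
        if raw[0].isspace() and current:      # leading whitespace continues a value
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()   # a later setting overrides an earlier one
    return params

def review(text):
    """List (parameter, advice) pairs for the points raised in the reply."""
    params = parse_main_cf(text)
    findings = [(n, why) for n, why in REMOVE.items() if n in params]
    level = params.get("smtpd_tls_loglevel", "0")
    if level.isdigit() and int(level) > 1:
        findings.append(("smtpd_tls_loglevel", "use 0 or 1"))
    return findings

# Constructed sample: the settings quoted in the question.
SAMPLE = """\
smtpd_tls_cert_file=/etc/postfix/SSL/MailRelay-server-public.crt
smtpd_tls_key_file=/etc/postfix/SSL/MailRelay-server-private.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_loglevel = 2
smtpd_tls_session_cache_timeout = 3600s
"""

# Constructed sample: the same relay after applying the reply's advice.
FIXED = """\
smtpd_tls_cert_file = /etc/postfix/SSL/MailRelay-server-public.crt
smtpd_tls_key_file = /etc/postfix/SSL/MailRelay-server-private.pem
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
"""
```

Calling review() on the text of a real main.cf returns an empty list once none of the flagged settings remain.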