On Mon, Mar 13, 2017 at 03:18:07PM -0300, Jeronimo L. Cabral wrote:

> Dear, I want mail clients to send messages to Internet through an own mail
> relay Postfix as smtpd server (not as client), let's say:

This is not a well formed question. There is no such thing as sending
mail as a server vs as a client. In each SMTP transaction the sending
side is a client, and the receiving side is a server.

The standard way of handling *outbound* email, i.e. email from your
users to remote destinations, is via a *submission* service on port 587.
The submission service authenticates the users (with TLS to protect the
transmission of passwords and confidentiality of the message) and then
relays the mail on towards its destination.

> Mail client ---STARTTLS ---- Postfix listening on Port TCP/25 --- Internet
> SMTP servers

Change port 25 to 587.

> Also, I don't need authentication to send mails from the Postfix mail relay.

Certainly not *from* the relay to the Internet, but you would typically
authenticate mail coming in *to* the relay. Why would that not be
necessary in your case?

> In /etc/postfix/main.cf I setup:
>
> smtpd_tls_cert_file=/etc/postfix/SSL/MailRelay-server-public.crt
> smtpd_tls_key_file=/etc/postfix/SSL/MailRelay-server-private.pem

OK.

> smtpd_use_tls=yes

Replace that with "smtpd_tls_security_level = may" for port 25, or
"-o smtpd_tls_security_level=encrypt" in master.cf for the submission
service on port 587 (aka "submission inet ... smtpd ...").

> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

As of Postfix 2.11, TLS session tickets obsolete the server-side cache,
so set this empty with Postfix 2.11 or later.

> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_tls_loglevel = 2

Except when debugging a system to report more detail as requested on
this list, the log level should be 1. Log level 2 is too verbose for
production use.

--
Viktor.
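
The main.cf points raised in the reply above, as an added example that is not part of the original message: a small Python audit that parses main.cf (comments, continuation lines, last definition wins) and flags the three smtpd settings discussed. The sample config is constructed from the lines quoted in the thread; the function names and the `postfix_version` parameter are assumptions of this example.

```python
# Constructed sample: the smtpd settings quoted in the thread, with one value
# wrapped onto a continuation line to exercise the parser.
SAMPLE_MAIN_CF = """\
# TLS settings for the relay (constructed sample)
smtpd_tls_cert_file=/etc/postfix/SSL/MailRelay-server-public.crt
smtpd_tls_key_file=/etc/postfix/SSL/MailRelay-server-private.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database =
    btree:${data_directory}/smtpd_scache
smtpd_tls_loglevel = 2
"""


def parse_main_cf(text):
    """Parse main.cf text into {name: value}; the last definition wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0] in " \t":  # leading whitespace continues the previous line
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()
    return params


def audit(params, postfix_version=(2, 11)):
    """Return (parameter, advice) pairs for the three points in the reply."""
    findings = []
    if "smtpd_use_tls" in params:
        findings.append(("smtpd_use_tls",
                         "replace with smtpd_tls_security_level = may (port 25), or "
                         "-o smtpd_tls_security_level=encrypt for submission in master.cf"))
    if postfix_version >= (2, 11) and params.get("smtpd_tls_session_cache_database"):
        findings.append(("smtpd_tls_session_cache_database",
                         "set empty; session tickets obsolete the server-side cache"))
    level = params.get("smtpd_tls_loglevel", "")
    if level.isdigit() and int(level) > 1:
        findings.append(("smtpd_tls_loglevel", "use 1 outside of debugging"))
    return findings


if __name__ == "__main__":
    for name, advice in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print(f"{name}: {advice}")
```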