Thanks to both of you!!! I need a STARTTLS server-side connection, because the client-side connection is working OK.
I have Postfix 2.11, so you say if I use STARTTLS with port TCP/25 the authentication is in plain text... but if I set up STARTTLS on port TCP/587 the authentication is encrypted too with TLS... I believed that using STARTTLS on port TCP/25 I have encrypted both login and data. In case I set up STARTTLS on port TCP/587, do both login and data go through it??? Or just the login through port TCP/587 and the data go through port TCP/25???

Thanks again, regards!!!

On Mon, Mar 13, 2017 at 4:04 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:

> On Mon, Mar 13, 2017 at 01:47:49PM -0500, Noel Jones wrote:
>
> > > smtpd_use_tls=yes
> >
> > postfix requires spaces around the " = " in the above parameters in
> > main.cf
>
> That's not accurate, while " = " is the "normal form" of main.cf
> settings as output by "postconf -n", the spaces are optional.
>
> > > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> > > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> >
> > The TLS session cache is no longer necessary or desirable. Remove
> > these two parameters to allow openssl to automatically use session
> > tickets, which are better than the cache.
>
> As of Postfix 2.11.
>
> > > smtpd_tls_session_cache_timeout = 3600s
> >
> > Since you're not using cache, you can remove this entry too.
>
> This parameter also controls the lifetime of session tickets, but
> since 3600s is the default value, there's no need to set it
> explicitly.
>
> --
> Viktor.