On Fri, Jan 12, 2018 at 4:06 PM, Viktor Dukhovni <postfix-us...@dukhovni.org > wrote:
> > > > On Jan 12, 2018, at 3:55 PM, Sean Son <linuxmailinglistsem...@gmail.com> > wrote: > > > > By default, TLS is disabled in the Postfix SMTP server, so no difference > to plain Postfix is visible. Explicitly switch it on with > "smtpd_tls_security_level = may". > > > > Example: > > > > /etc/postfix/main.cf > > : > > > > smtpd_tls_security_level > > = may > > > > With this, the Postfix SMTP server announces STARTTLS support to remote > SMTP clients, but does not require that clients use TLS encryption. > > > > I think this is the correct solution? Would this require an SSL cert? > > Yes, of course. See: > > http://www.postfix.org/TLS_README.html#quick-start > > and if your Postfix release is older than Postfix 3.1, in particular: > > http://www.postfix.org/TLS_README.html#self-signed > > -- > Viktor. > > Thank you Viktor.. it looks like I will need either a self signed or signed SSL cert from a CA to be able to offer STARTTLS. Please let me know if I am wrong. Thanks
