I have been running postfix for several years. The latest certificate has almost run out so I switched to letsencrypt. Whilst installing the certificate and key in master.cf it occurred to me to wonder if I wasn't over-specifying their use. I have checked around the web and found nothing like my setup for master.cf. I have the following for smtp and submission...
smtp inet n - n - - smtpd -o content_filter=spamfilter -o smtpd_tls_cert_file=/etc/letsencrypt/live/(name).pem -o smtpd_tls_key_file=/etc/letsencrypt/live/(name).pem -o smtp_tls_cert_file=/etc/letsencrypt/live/(name).pem -o smtp_tls_key_file=/etc/letsencrypt/live/(name).pem submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_wrappermode=no -o smtpd_tls_security_level=encrypt -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_sasl_auth_enable=yes -o receive_override_options=no_header_body_checks # -o milter_macro_daemon_name=ORIGINATING -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_tls_cert_file=/etc/letsencrypt/live/(name).pem -o smtpd_tls_key_file=/etc/letsencrypt/live/(name).pem -o smtp_tls_cert_file=/etc/letsencrypt/live/(name).pem -o smtp_tls_key_file=/etc/letsencrypt/live/(name).pem Do I need smtp_tls_cert/key in the smtp section or is it superfluous/stupid? Also, some time back I picked up the line... -o milter_macro_daemon_name=ORIGINATING but never got around to implementing it. Is this something I should use? I am unclear as to its purpose. -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
