On Sun, Apr 24, 2022 at 06:34:17PM +0800, ミユナ (alice) wrote: > but for smtp service on port 25, how other MTA talks to me? they are > using plain, startTLS or SSL?
STARTTLS: https://datatracker.ietf.org/doc/html/rfc3207 > My configuration on main.cf include: > > smtp_use_tls = yes > smtpd_use_tls = yes These are obsolete and unnecessary. > smtp_tls_security_level = may > smtpd_tls_security_level = may These are the preferred way to enable opportunistic TLS. > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache You typically don't need this, session tickets make a server-side cache needless baggage. > smtpd_sasl_auth_enable = yes You would typically enable SASL only ports 465 and 587, in master.cf rather than main.cf. -- Viktor.
