Dnia 8.12.2022 o godz. 11:29:35 Sam pisze: > My plan is to pass port 465 > straight to haproxy, then haproxy does the encryption in and out. > Ports 587 and 25 won't even be exposed. I only need one port. What > kind of scenario are we trying to prevent?
Is your Postfix instance for sending mail only? Does it not receive any mail? Because if it receives anything, you'll need port 25. And communication on port 25 needs STARTTLS, as the same port handles both cleartext and encrypted communication. If it's a send-only instance, and the only connections to Postfix are made by users' mail clients to send mail, you can indeed use port 465 only, and you have of course to tell your users that they should use only this port for their client configuration. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
