> On Mar 31, 2017, at 4:03 PM, Xinhuan Zheng <xzh...@christianbook.com> wrote:
>
> Does anyone in postfix mailing list have experience using Postifx software
> for sending bulk emails with TLS encryption? Can you share your experience
> with me?
TLS does not materially affect the performance of bulk-email delivery except
when a high-volume destination's MX host set includes some hosts that are
down. When one of the MX hosts is down and you don't use TLS, connection
re-use will shift more of the load to the hosts that are up. With TLS there
is no connection re-use, and so connection latency may rise if the remote
destination is partly down. This is rare in practice for high-volume
destinations.
> So I’m planning on using recent CentOS 7 operating system. But as I look at
> its repository, postfix and openssl appear to be old versions.
Postfix TLS support is reasonably mature by Postfix 2.8, but older versions
should also be fine. Just set:
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_ciphers = medium
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_ciphers = medium
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_cert_file = ... your cert file location ...
smtpd_tls_key_file = ... your key file location if different from cert
file ...
if these are not already the defaults for your Postfix version.
--
Viktor.
