> On Mar 31, 2017, at 4:03 PM, Xinhuan Zheng <xzh...@christianbook.com> wrote: > > Does anyone in postfix mailing list have experience using Postifx software > for sending bulk emails with TLS encryption? Can you share your experience > with me?
TLS does not materially affect the performance of bulk-email delivery except when a high-volume destination's MX host set includes some hosts that are down. When one of the MX hosts is down and you don't use TLS, connection re-use will shift more of the load to the hosts that are up. With TLS there is no connection re-use, and so connection latency may rise if the remote destination is partly down. This is rare in practice for high-volume destinations. > So I’m planning on using recent CentOS 7 operating system. But as I look at > its repository, postfix and openssl appear to be old versions. Postfix TLS support is reasonably mature by Postfix 2.8, but older versions should also be fine. Just set: smtp_tls_protocols = !SSLv2, !SSLv3 smtp_tls_ciphers = medium smtp_tls_security_level = may smtp_tls_loglevel = 1 smtpd_tls_protocols = !SSLv2, !SSLv3 smtpd_tls_ciphers = medium smtpd_tls_security_level = may smtpd_tls_loglevel = 1 smtpd_tls_cert_file = ... your cert file location ... smtpd_tls_key_file = ... your key file location if different from cert file ... if these are not already the defaults for your Postfix version. -- Viktor.