On Wed, Aug 25, 2021 at 10:56:20PM +0800, Turritopsis Dohrnii Teo En Ming wrote:

> smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
> smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache

You might note that the directory needs to be writable by the "postfix"
user, and its default location ($data_directory) varies between the
Postfix packages for various operating systems.

> Add the following lines to /etc/postfix/master.cf:
> 
> submission      inet    n       -       n       -       -       smtpd
> smtps           inet    n       -       n       -       -       smtpd

In addition to Wietse's comment re "wrapper mode", you'd typically also
want to enable and require authentication and tweak the various restrictions
to allow relaying by authenticated users.

The "stock" upstream master.cf file has commented out templates for
fully configured submission services.  Use these as a starting point,
and don't enable SASL or allow outbound relaying on port 25.

    #submission inet n       -       n       -       -       smtpd
    #  -o syslog_name=postfix/submission
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_tls_auth_only=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #     Instead of specifying complex smtpd_<xxx>_restrictions here,
    #     specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
    #     here, and specify mua_<xxx>_restrictions in main.cf (where
    #     "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
    #  -o smtpd_client_restrictions=
    #  -o smtpd_helo_restrictions=
    #  -o smtpd_sender_restrictions=
    #  -o smtpd_relay_restrictions=
    #  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING

    #submissions     inet  n       -       n       -       -       smtpd
    #  -o syslog_name=postfix/submissions
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #     Instead of specifying complex smtpd_<xxx>_restrictions here,
    #     specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
    #     here, and specify mua_<xxx>_restrictions in main.cf (where
    #     "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
    #  -o smtpd_client_restrictions=
    #  -o smtpd_helo_restrictions=
    #  -o smtpd_sender_restrictions=
    #  -o smtpd_relay_restrictions=
    #  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING

-- 
    Viktor.
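An added example, not part of the message above and not Postfix code: a small audit that reads master.cf text and reports submission listeners lacking the overrides shown in the stock templates, plus SASL enabled on the port 25 service. The function names are hypothetical, only the plain `-o name=value` form is parsed, and a `$mua_..._restrictions` reference is assumed to be defined correctly in main.cf.

```python
# Overrides each listener should carry, following the stock templates quoted above.
REQUIRED = {
    "submission": {"smtpd_tls_security_level": "encrypt", "smtpd_sasl_auth_enable": "yes"},
    "submissions": {"smtpd_tls_wrappermode": "yes", "smtpd_sasl_auth_enable": "yes"},
}
REQUIRED["smtps"] = REQUIRED["submissions"]  # older name for the wrapper-mode service

def parse_master_cf(text):
    """Yield (service, type, command, overrides) for each logical master.cf entry."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                              # blank and comment lines are ignored
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()     # leading whitespace continues an entry
        else:
            logical.append(line.strip())
    for entry in logical:
        fields = entry.split()
        args, overrides = fields[8:], {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:
                name, _, val = value.partition("=")
                overrides[name] = val
        if len(fields) >= 8:
            yield fields[0], fields[1], fields[7], overrides

def requires_auth(opts):
    """True if a relay/recipient override permits SASL users and rejects the rest."""
    for key in ("smtpd_relay_restrictions", "smtpd_recipient_restrictions"):
        rules = opts.get(key, "").split(",")
        if rules[0].startswith("$") or (
                "permit_sasl_authenticated" in rules and rules[-1] == "reject"):
            return True
    return False

def audit(text):
    findings = []
    for service, stype, command, opts in parse_master_cf(text):
        if stype != "inet" or command != "smtpd":
            continue
        for name, want in REQUIRED.get(service, {}).items():
            if opts.get(name) != want:
                findings.append(f"{service}: missing -o {name}={want}")
        if service in REQUIRED and not requires_auth(opts):
            findings.append(f"{service}: no restriction override requiring authentication")
        if service == "smtp" and opts.get("smtpd_sasl_auth_enable") == "yes":
            findings.append(f"{service}: SASL enabled on port 25")
    return findings

# Constructed sample: the two bare entries as quoted at the top of the message.
BARE = "submission inet n - n - - smtpd\nsmtps inet n - n - - smtpd\n"
```

`audit(BARE)` returns six findings, three per listener; an entry carrying the template's overrides returns an empty list.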
