recommendation for buster - smtpd_tls_security_level in

  • what would be your recommendation with extra TLS parameter in use with debian buster for the submission part in is set to:

    1. smtpd_tls_security_level = may
    2. smtp_tls_security_level = may
    3. smtpd_tls_received_header = yes
    4. smtpd_use_tls = yes
    5. smtpd_tls_auth_only = yes
    6. tls_preempt_cipherlist = yes

    should following parameters be integrated into when using tls_wrappermode for submission?

    1. -o smtpd_tls_security_level=encrypt
    2. -o smtpd_enforce_tls=yes

    complete part

  • You can use this listener to enforce TLS for submission:…

    This entry should be sufficient:

    1. -o smtpd_tls_security_level=encrypt

    And I think, you do not want to use "tls_wrappermode" for submission - all latest mail clients are correctly using StartTLS.

    sorry, I meant when tls_wrappermode is enabled in the smtps part - default imscp configuration when TLS is enabled:

    1. smtps inet n - y - - smtpd
    2. -o smtpd_tls_wrappermode=yes
    3. -o smtpd_sasl_auth_enable=yes
    4. -o smtpd_client_restrictions=permit_sasl_authenticated,reject

    OK, so the listener does the same except:

    -o smtpd_enforce_tls=yes