recommendation for buster - smtpd_tls_security_level in master.cf?

  • What would be your recommendation for extra TLS parameters on Debian Buster for the submission part in master.cf?


    main.cf is set to:

    Code
    smtpd_tls_security_level = may
    smtp_tls_security_level = may
    smtpd_tls_received_header = yes
    smtpd_use_tls = yes
    smtpd_tls_auth_only = yes
    tls_preempt_cipherlist = yes

    Should the following parameters be integrated into master.cf when using tls_wrappermode for submission?

    Code
    -o smtpd_tls_security_level=encrypt
    -o smtpd_enforce_tls=yes


    complete part

  • You can use this listener to enforce TLS for submission:

    https://github.com/i-MSCP/imsc…postfix_submission_tls.pl


    This entry should be sufficient:

    Code
    -o smtpd_tls_security_level=encrypt

    And I think you do not want to use "tls_wrappermode" for submission - all the latest mail clients use STARTTLS correctly.

    Sorry, I meant when tls_wrappermode is enabled in the smtps part - the default i-MSCP configuration when TLS is enabled:

    Code
    smtps inet n - y - - smtpd
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject


    OK, so the listener does the same except:

    -o smtpd_enforce_tls=yes
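
Added example, not part of the thread and not i-MSCP code: a small Python check that applies each service's -o overrides from master.cf on top of main.cf and reports the resulting TLS policy per smtpd listener. It follows the Postfix documentation, where a non-empty smtpd_tls_security_level overrides the obsolete smtpd_use_tls and smtpd_enforce_tls. The sample input is constructed from the settings quoted above; the submission entry and the service on port 10587 are hypothetical, and only the plain `-o name=value` form is parsed.

```python
import shlex

# Constructed sample input (main.cf values from the thread; 10587 is a hypothetical service).
MAIN_CF = {"smtpd_tls_security_level": "may", "smtpd_use_tls": "yes"}
MASTER_CF = """\
smtp       inet  n  -  y  -  -  smtpd
submission inet  n  -  y  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
smtps      inet  n  -  y  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
10587      inet  n  -  y  -  -  smtpd
  -o smtpd_enforce_tls=yes
"""

def logical_lines(text):
    """Join master.cf continuation lines (lines that start with whitespace)."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def tls_policy(master_text, main_cf):
    """Return {service: 'none' | 'may' | 'encrypt' | 'wrapper'} for smtpd services."""
    result = {}
    for entry in logical_lines(master_text):
        fields = shlex.split(entry)
        name, command, args = fields[0], fields[7], fields[8:]
        if command != "smtpd":
            continue
        params = dict(main_cf)  # main.cf defaults, then per-service overrides
        for i, arg in enumerate(args[:-1]):
            if arg == "-o" and "=" in args[i + 1]:
                key, _, value = args[i + 1].partition("=")
                params[key.strip()] = value.strip()
        level = params.get("smtpd_tls_security_level", "")
        if not level:  # the obsolete parameters only count when the level is empty
            level = ("encrypt" if params.get("smtpd_enforce_tls") == "yes"
                     else "may" if params.get("smtpd_use_tls") == "yes" else "none")
        if params.get("smtpd_tls_wrappermode") == "yes" and level != "none":
            level = "wrapper"  # TLS handshake on connect, before any SMTP command
        result[name] = level
    return result

if __name__ == "__main__":
    print(tls_policy(MASTER_CF, MAIN_CF))
```

With smtpd_tls_security_level = may in main.cf, the 10587 service stays at "may": the smtpd_enforce_tls override alone does not make TLS mandatory there, while the smtpd_tls_security_level=encrypt override does.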