On 1/19/2012 1:39 AM, bsd wrote:
> > Maybe I should use STARTTLS instead of the wrapper mode ?

It's quite common to offer both, which I think is reasonable.

> > What are the pros and cons of each solution ?

wrappermode is a non-standard legacy mode that some clients prefer. In their config screens, many clients refer to wrappermode on 465 as SSL, and STARTTLS as TLS. There is no significant difference in security or functionality, but the on-wire protocols are incompatible.

> > Can I provide both with the same auth backend mechanism (I use dovecot) ?

You can enable both 587/STARTTLS and 465/wrappermode within the same postfix with no extra configuration in the auth backend.

You can use syslog_name in master.cf to note which port a client is using, something like:

smtps .... smtpd
  ... everything else ...
  -o syslog_name=postfix-smtps
submission ... smtpd
  ... everything else ...
  -o syslog_name=postfix-submission

-- 
Noel Jones
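Added example, not part of the original message: a short Python script that tallies authenticated logins per syslog_name tag, so an admin can see which accounts still submit over 465/wrappermode and which use 587/STARTTLS. It assumes the postfix-smtps and postfix-submission tags from the reply and the usual Postfix smtpd log layout; the log lines, hosts, users and queue IDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual Postfix syslog layout. The tags
# postfix-smtps and postfix-submission are the syslog_name values from the
# reply above; hosts, users, PIDs and queue IDs are made up.
SAMPLE_LOG = """\
Jan 19 08:00:01 mail postfix-smtps/smtpd[2101]: connect from unknown[192.0.2.10]
Jan 19 08:00:02 mail postfix-smtps/smtpd[2101]: 4A1B2C3D4E: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Jan 19 08:05:10 mail postfix-submission/smtpd[2150]: connect from unknown[198.51.100.7]
Jan 19 08:05:11 mail postfix-submission/smtpd[2150]: 5B2C3D4E5F: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob
Jan 19 08:07:30 mail postfix-smtps/smtpd[2177]: 6C3D4E5F6A: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Jan 19 08:09:00 mail postfix/smtpd[2190]: connect from unknown[203.0.113.5]
Jan 19 08:09:01 mail postfix/smtpd[2190]: 7D4E5F6A7B: client=unknown[203.0.113.5]
"""

# Syslog tag before "/smtpd[pid]:", a queue ID, the client, then the SASL
# login name that Postfix logs for authenticated submissions.
AUTH_LINE = re.compile(
    r"\s(?P<tag>[\w.-]+)/smtpd\[\d+\]:\s+[0-9A-Za-z]+:\s+"
    r"client=[^\[\s]*\[[^\]]+\],.*\bsasl_username=(?P<user>\S+)"
)


def logins_by_service(log_text):
    """Return {syslog_name: {sasl_username: count}} for authenticated mail."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = AUTH_LINE.search(line)
        if m:  # lines without sasl_username (e.g. port 25) are skipped
            counts[m.group("tag")][m.group("user")] += 1
    return {tag: dict(users) for tag, users in counts.items()}


def users_on(log_text, tag):
    """Sorted login names seen on one service, e.g. who still uses 465."""
    return sorted(logins_by_service(log_text).get(tag, {}))


if __name__ == "__main__":
    for tag, users in sorted(logins_by_service(SAMPLE_LOG).items()):
        print(tag, users)
```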