On 1/19/2012 1:39 AM, bsd wrote:
> 
> Maybe I should use STARTTLS instead of the wrapper mode ? 

It's quite common to offer both, which I think is reasonable.

> 
> What are the pros and cons of each solution ? 

wrappermode is a non-standard legacy mode that some clients prefer.
 In their config screens, many clients refer to wrappermode on 465
as SSL, and STARTTLS as TLS.

There is no significant difference in security or functionality, but
the on-wire protocols are incompatible.

> 
> Can I provide both with the same auth backend mechanism (I use dovecot) ? 

You can enable both 587/STARTTLS and 465/wrappermode within the same
postfix with no extra configuration in the auth backend.

You can use syslog_name in master.cf to note which port a client is
using, something like:
smtps .... smtpd
... everything else ...
-o syslog_name=postfix-smtps

submission ... smtpd
... everything else ...
-o syslog_name=postfix-submission



  -- Noel Jones

Reply via email to