Hi Yousuf,
On 2015-04-04 at 22:58 Muhammad Yousuf Khan wrote:
BTW does it unsure my server if i comment out this like "-o
smtpd_tls_security_level=encrypt'
It depends on your policy/topology/...
Based on your setting in main.cf there is at least STARTTLS offered on
port 25 (smtpd_tls_security_level=may).
However, for clients that I can control - like in your case - I would
always use port 587 for submission these days.
Technically, it is the same to port 25 but you can enforce more strict
rules for this port, like it's given in the default master.cf template:
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
This allows only TLS-secured and authenticated delivery on port 587,
everything else (i.e. spammers) gets blocked.
If there are no other servers that deliver mails via SMTP based on your
MX record in the DNS you could also turn off port 25 entirely.
Cheers,
Mathias.
