Sorry, I repeat Postfix doesn't need to authenticate any user sending
throug it (not login/password)
This implies an extra configuration line?
Thanks again.
On Mon, Mar 13, 2017 at 4:19 PM, Jeronimo L. Cabral <jelocab...@gmail.com>
wrote:
> Thanks to both of you !!!
>
> I need STARTTLS server side connection, because the client side connection
> is working OK.
>
> I have Postfix 2.11, so you say if I use STARTTLS with port TCP/25 the
> authentication is in plain text...but if I set up STARTTLS on port TCP/587
> the authentication is encrypted too with TLS....I believed using STARTTLS
> on port TCP/25 I have encrypted both login and data.
>
> In case I set up STARTTLS in port TCP/587, both login and data go through
> it ??? Or just login through port TCP/587 and the data go through port
> TCP/25 ???
>
> Thanks again, regards !!!
>
> On Mon, Mar 13, 2017 at 4:04 PM, Viktor Dukhovni <
> postfix-us...@dukhovni.org> wrote:
>
>> On Mon, Mar 13, 2017 at 01:47:49PM -0500, Noel Jones wrote:
>>
>> > > smtpd_use_tls=yes
>> >
>> > postfix requires spaces around the " = " in the above parameters in
>> > main.cf
>>
>> That's not accurate, while " = " is the "normal form" of main.cf
>> settings as output by "postconf -n", the spaces are optional.
>>
>> > > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_
>> scache
>> > > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>> >
>> > The TLS session cache is no longer necessary or desirable. Remove
>> > these two parameters to allow openssl to automatically use session
>> > tickets, which are better than the cache.
>>
>> As of Postfix 2.11.
>>
>> > > smtpd_tls_session_cache_timeout = 3600s
>> >
>> > Since you're not using cache, you can remove this entry too.
>>
>> This parameter also controls the lifetime of sesssion tickets, but
>> since 3600s is the default value, there's no need to set it
>> explicitly.
>>
>> --
>> Viktor.
>>
>
>
