Sorry, I repeat: Postfix doesn't need to authenticate any user sending through it (not login/password).
This implies an extra configuration line? Thanks again.

On Mon, Mar 13, 2017 at 4:19 PM, Jeronimo L. Cabral <[email protected]> wrote:

> Thanks to both of you !!!
>
> I need STARTTLS server side connection, because the client side connection
> is working OK.
>
> I have Postfix 2.11, so you say if I use STARTTLS with port TCP/25 the
> authentication is in plain text...but if I set up STARTTLS on port TCP/587
> the authentication is encrypted too with TLS....I believed using STARTTLS
> on port TCP/25 I have encrypted both login and data.
>
> In case I set up STARTTLS in port TCP/587, both login and data go through
> it ??? Or just login through port TCP/587 and the data go through port
> TCP/25 ???
>
> Thanks again, regards !!!
>
> On Mon, Mar 13, 2017 at 4:04 PM, Viktor Dukhovni <[email protected]> wrote:
>
>> On Mon, Mar 13, 2017 at 01:47:49PM -0500, Noel Jones wrote:
>>
>> > > smtpd_use_tls=yes
>> >
>> > postfix requires spaces around the " = " in the above parameters in
>> > main.cf
>>
>> That's not accurate, while " = " is the "normal form" of main.cf
>> settings as output by "postconf -n", the spaces are optional.
>>
>> > > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>> > > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>> >
>> > The TLS session cache is no longer necessary or desirable. Remove
>> > these two parameters to allow openssl to automatically use session
>> > tickets, which are better than the cache.
>>
>> As of Postfix 2.11.
>>
>> > > smtpd_tls_session_cache_timeout = 3600s
>> >
>> > Since you're not using cache, you can remove this entry too.
>>
>> This parameter also controls the lifetime of session tickets, but
>> since 3600s is the default value, there's no need to set it
>> explicitly.
>>
>> --
>> Viktor.
