On 22 December 2017 at 09:38, li...@lazygranch.com <li...@lazygranch.com> wrote:
> ... > From main.cf (sanitized): > -------------------------------- > # TLS > smtpd_use_tls = yes > > smtpd_tls_security_level = may > smtpd_tls_auth_only = yes > smtpd_tls_key_file = /etc/letsencrypt/live/mydomain.com/privkey.pem > smtpd_tls_cert_file = /etc/letsencrypt/live/mydomain.com/fullchain.pem > smtpd_tls_loglevel = 1 > smtpd_tls_received_header = yes > #next line experimental > > smtpd_tls_ask_ccert = yes > smtpd_tls_session_cache_timeout = 3600s > tls_random_source = dev:/dev/urandom BTW, smtpd_use_tls = yes is deprecated for Postfix 2.3+: smtpd_tls_security_level = may achieves the same thing.