Enforcing STARTTLS on submission port 587
Welcome file The following settings will enable opportunistic TLS for inbound connections on default smtp port(25). smtpd_tls_security_level = may You can enforce STARTTLS on submission port e.g 587 by editing /etc/postfix/master.cf submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt This will enforce STARTTLS on port 587. Note: You would also need to first generate self signed or intermediate certificate to enable inbound TLS in Postfix.