How to enable Outbound Opportunistic TLS in Postfix


Most ISPs like Gmail, Hotmail and Yahoo now support server-side TLS. ESPs like SendGrid, SparkPost and Mailchimp have also enabled outbound TLS in their MTAs.

You can either force Postfix to always use TLS or, as is recommended, use "Opportunistic TLS": Postfix uses TLS when the recipient domain supports it and otherwise falls back to a non-TLS connection.

vim /etc/postfix/main.cf

Add the following after the "smtpd_banner" setting.

smtp_tls_security_level = may

Reload Postfix

systemctl reload postfix.service

Check the log for errors.

tail -f /var/log/mail.log

Expected output:

Nov 26 13:21:54 console postfix/postfix-script[9285]: refreshing the Postfix mail system
Nov 26 13:21:54 console postfix/master[2323]: reload -- version 3.1.0, configuration /etc/postfix
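
Because the fallback to a non-TLS connection is silent, a clean reload does not show which deliveries were actually encrypted. The following is an added example, not part of the original post: it lists relays that accepted mail with no logged TLS handshake, assuming smtp_tls_loglevel = 1 has also been set in main.cf so that postfix/smtp logs each handshake. The function names and sample log lines are constructed for illustration, and matching is per relay rather than per connection.

```shell
#!/bin/sh
# Added example: list relays that accepted mail without a logged TLS handshake.
# Assumes smtp_tls_loglevel = 1 in main.cf so postfix/smtp logs handshakes.

# Reads mail.log lines from files given as arguments, or from stdin.
# Prints "<delivery count> <relay>" for each relay with no handshake line.
cleartext_relays() {
    awk '
        $0 !~ /postfix\/smtp\[/ { next }        # outbound SMTP client only
        / TLS connection established to / {
            # Keep only host[ip]:port from "... established to host[ip]:port: TLSv1.2 ..."
            sub(/^.* TLS connection established to /, "")
            sub(/: .*$/, "")
            tls[$0] = 1
            next
        }
        /status=sent/ && match($0, /relay=[^,]+/) {
            relay = substr($0, RSTART + 6, RLENGTH - 6)
            sent[relay]++
        }
        END {
            for (r in sent) if (!(r in tls)) print sent[r], r
        }
    ' "$@" | sort -k2
}

# Constructed sample log: one relay negotiates TLS, one falls back to cleartext.
sample_log() {
    cat <<'EOF'
Nov 26 13:30:01 console postfix/smtp[9301]: Trusted TLS connection established to mx.example.net[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Nov 26 13:30:02 console postfix/smtp[9301]: 3F2A1C0: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
Nov 26 13:31:10 console postfix/smtp[9302]: 4B7D2E1: to=<b@example.org>, relay=mail.example.org[198.51.100.7]:25, delay=0.8, delays=0.1/0/0.3/0.4, dsn=2.0.0, status=sent (250 OK)
Nov 26 13:31:40 console postfix/smtp[9302]: 5C8E3F2: to=<c@example.org>, relay=mail.example.org[198.51.100.7]:25, delay=0.7, delays=0.1/0/0.3/0.3, dsn=2.0.0, status=sent (250 OK)
EOF
}

sample_log | cleartext_relays   # → 2 mail.example.org[198.51.100.7]:25
```

On a live server, pass the log file instead: cleartext_relays /var/log/mail.log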
