Enforcing STARTTLS on submission port 587

Welcome file

The following settings will enable opportunistic TLS for inbound connections on default smtp port(25).

smtpd_tls_security_level = may

You can enforce STARTTLS on submission port e.g 587 by editing /etc/postfix/master.cf

submission inet n       -       n       -       -       smtpd -o smtpd_tls_security_level=encrypt

This will enforce STARTTLS on port 587.


  • You would also need to first generate self signed or intermediate certificate to enable inbound TLS in Postfix.


Popular posts from this blog

StatusDnsQueryFailed resolving domain

How to include Gmail's Feedback-ID header in DKIM signature

How to send emails over IPv4 with Postfix