Enforcing STARTTLS on submission port 587

Welcome file

The following settings will enable opportunistic TLS for inbound connections on default smtp port(25).

smtpd_tls_security_level = may

You can enforce STARTTLS on submission port e.g 587 by editing /etc/postfix/master.cf

submission inet n       -       n       -       -       smtpd -o smtpd_tls_security_level=encrypt

This will enforce STARTTLS on port 587.


  • You would also need to first generate self signed or intermediate certificate to enable inbound TLS in Postfix.


Popular posts from this blog

How to enable inbound TLS(starttls) in Postfix with Signed Certificate from CA(LetsEncrypt)

421 4.5.1 No more messages on this connection http://tele.dk/25153