Postfix setup clarfication

Discussion in 'Server Operation' started by hadizeid, Feb 20, 2021.

  1. hadizeid

    hadizeid Member

    So i am using Postfix mail_version = 3.4.14.
    would like to get an advise on the below 2 settings:
    • smtpd_tls_security_level
    • smtp_tls_security_level

    i have seen those 2 having in some setups the value "= may" and in some the value "= encrypt"

    so which is better to use.
    as a side note i have put "smtpd_tls_security_level = encrypt" on a test server and i have seen a lot of spam mails reduction. guess it is because many servers were not able to authenticate, but i am not sure if this will make us loose legitimate emails.

    Appreciate if some of the Guru's here could advise .
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Using "may" means transport later encryption can be used; "encrypt" means it is required, ie. you won't be able to send to not receive from servers which do not have encryption. Surely you will see some reduction in spam as well as legitimate mail, and I have no idea to what extent.
    Last edited: Feb 20, 2021
    hadizeid likes this.
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    There are a lot of misconfigured systems out there, so it is good to make your setup quite accepting.
    hadizeid likes this.
  4. hadizeid

    hadizeid Member

  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I think this is more of the standard now, and it was not when writing the guide for Debian 10 - or the option did not exist back then.

    Enabling this should only force TLS for logins from your clients, so they don't connect through a unencrypted connection - it should not affect the connections from other mailservers.

Share This Page