Forcing encryption for outgoing SMTP with Postfix

postfix smtp

Does anyone know how to tell Postfix to encrypt outgoing mail?

I have configured it to use encryption on reception, but I'm unable to do it with the outgoing mail. This is my main.cf file:

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
transport_maps = hash:/etc/postfix/transport

# tls config
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Best Answer

smtp_tls_security_level = encrypt or smtp_enforce_tls=yes

For specific destinations you could use smtp_tls_policy_maps

smtp_use_tls = yes and smtp_enforce_tls=yes are deprecated. With Postfix 2.3 and later use smtp_tls_security_level instead.

Remember: Enforcing TLS encryption could cause mail delivery problems for SMTP hosts that don't have TLS configured. If the server is used to deliver mail only to your internal server with TLS configured, it's not a problem in that case. But if the server is used to deliver mail to public servers, you cannot assume that all servers have TLS support. In that case use smtp_tls_security_level = may
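
The answer's settings combined into one configuration, as an added example that is not part of the original answer: opportunistic TLS by default, mandatory TLS for selected destinations. The path /etc/postfix/tls_policy and the destination names are assumptions chosen for illustration.

```ini
# /etc/postfix/main.cf
# Outgoing mail is controlled by the smtp_* (client) parameters;
# the smtpd_* parameters only affect reception.

# Before: obsolete since Postfix 2.3, and opportunistic only. Mail is
# still sent in cleartext when the remote host does not offer STARTTLS.
# smtp_use_tls = yes

# After: opportunistic TLS as the default for public destinations.
smtp_tls_security_level = may

# Per-destination overrides for hosts known to support TLS.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Log a summary line for each outgoing TLS handshake so the result
# can be confirmed in the mail log.
smtp_tls_loglevel = 1


# /etc/postfix/tls_policy  (separate file)
# Constructed sample entries; replace with your own destinations.
# "encrypt" makes TLS mandatory but does not verify the server
# certificate. A key must match the next-hop exactly as Postfix uses
# it, including any [host]:port form written in transport_maps.
partner.example              encrypt
[mail.internal.example]:587  encrypt

# After editing, rebuild the lookup table and reload Postfix:
#   postmap /etc/postfix/tls_policy
#   postfix reload
```

With this layout, mail to a listed destination is deferred rather than sent in cleartext if TLS cannot be negotiated, while delivery to all other hosts continues to work with or without TLS.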