I need to implement TLS tunneling in my Postfix so that when needed it can use TLS certification (when trying to send mails to the domain xxxx.xx, their servers will ask mine to establish a TLS session. In the documentation there seems to be two approaches: SMTP server and SMTP client.
What is the difference? And which one am I supposed to use?
Best Answer
Postfix with TLS for SMTP Server is for when the mail client, or other mail server tries to send email to or through your postfix system, it will offer or require the use of TLS depending on how you configure it. Postfix with TLS for SMTP Client is when your postfix server wants to send email to another SMTP server.
Update 1
Given Postfix's client tls documentation if blah.com offers STARTTLS then and offers a correct ssl certificate, then configuring Opportunistic TLS with
/etc/postfix/main.cf: smtp_tls_security_level = maywill provide the support required.