In my main.cf the smtp_tls_cert_file (and key) were NOT set, and I assume on the next reconfigure of Postfix from ISPConfig they will disappear. How can I enable the certificate for outgoing SMTP TLS connections via ISPConfig?
TLS is configured by default in any ISPConfig postfix server. If you have no TLS certs, then you must have removed them manually. If you set them manually again, then ISPConfig will not remove them.
/etc/postfix/main.cf should have these lines (by default):
Code:
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = may
The cert and key files are symbolic links in /etc/postfix to ispserver.crt and ispserver.key in /usr/local/ispconfig/interface/ssl/
Thanks @till and @remkoh. Not sure if we are talking about the same thing. It is not about the smtpD_tls for incoming connections but about the smtp_tls (smtp without D at the end) for outgoing connections. The smtp_tls_cert_file (and key) have not been set (whereas smtpD were always set and working fine), and after debugging why I could not configure a connector in M365 Exchange that accepts mails from my mailserver (by certificate subject) I realized that Postfix is not configured to use the same certificate for outgoing connections. So is there a reason that the cert is not set for outgoing connections too?
You're wrong about smtp_tls_cert being needed to secure outgoing mail. If the other side supports and offers TLS then it should be used when sending outgoing mail. Quote from the TLS readme on the Postfix website: Defaults are empty/non-existent
@remkoh thanks, you are fully right. Sure, no TLS cert is needed for the outgoing connection, sorry, my fault. (BTW, as mentioned, I need it for relaying certain mails via M365, and to be able to whitelist my server relaying via M365 my server needs a client certificate on the outgoing side.)
Have a look at the TLS readme on Postfix's website. https://www.postfix.org/TLS_README.html I saw something about maps, maybe that can be of help for you. Or maybe you can find another solution there that works for you.
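
An added example, not part of any post in this thread: a small main.cf parser that reports, per direction, whether Postfix presents a certificate (smtpd_* is the server for incoming mail, smtp_* is the client for outgoing mail). The sample config is constructed, and reusing the server's cert/key pair for the client side is an assumption based on what the poster wanted.

```python
# smtpd_* = Postfix SMTP server (incoming), smtp_* = Postfix SMTP client (outgoing).

# Constructed sample; paths are the ones quoted in the thread.
SAMPLE_MAIN_CF = """\
# server side (incoming)
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = may
# client side (outgoing): opportunistic TLS, no client certificate
smtp_tls_security_level = may
"""

# Assumption: the same cert/key pair is reused for the outgoing side.
CLIENT_CERT_LINES = """\
smtp_tls_cert_file = /etc/postfix/smtpd.cert
smtp_tls_key_file =
    /etc/postfix/smtpd.key
"""

def parse_main_cf(text):
    """Parse main.cf text: '#' comments, continuation lines, last assignment wins."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and current:  # leading whitespace continues the logical line
            params[current] = (params[current] + " " + line.strip()).strip()
            continue
        name, sep, value = line.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()
    return params

def tls_cert_report(params):
    """Describe cert/key/level for the server (smtpd_) and client (smtp_) side."""
    report = {}
    for role, prefix in (("server", "smtpd"), ("client", "smtp")):
        cert = params.get(f"{prefix}_tls_cert_file", "")
        # Postfix defaults the key file to the cert file when no key is given.
        key = params.get(f"{prefix}_tls_key_file", "") or cert
        level = params.get(f"{prefix}_tls_security_level", "")
        report[role] = {"cert": cert, "key": key, "level": level,
                        "presents_cert": bool(cert)}
    return report

if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_MAIN_CF), ("after", SAMPLE_MAIN_CF + CLIENT_CERT_LINES)):
        print(label, tls_cert_report(parse_main_cf(cfg))["client"])
```

With the sample as-is, outgoing connections still use TLS when the remote side offers it, but the client presents no certificate, so a receiver that identifies senders by certificate subject has nothing to match.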