Enabling TLS-only SMTP on port 465 with Postfix

Implicit TLS is generally considered a better approach to transport encryption than the usual explicit (STARTTLS) TLS everyone is used to, which is why I wanted to enable it in my Postfix.

In the end it's very easy to enable implicit TLS SMTP with Postfix: just add (or uncomment)

-o smtpd_tls_wrappermode=yes

in /etc/postfix/master.cf under smtps inet .... This runs the Postfix SMTP server in the "non-standard" "wrapper" mode, which requires the client to establish a TLS connection immediately instead of using the STARTTLS command and being potentially vulnerable to MITM.
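To confirm that the override is really active on the port 465 service and not left commented out, the following added example (not from the original post) parses master.cf text and reports whether smtpd_tls_wrappermode=yes is set. The sample file contents and the extra service names `submissions` and `465` are assumptions made for illustration.

```python
import shlex

# Constructed sample master.cf (not taken from the post).
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
#  -o smtpd_tls_security_level=may
  -o smtpd_tls_wrappermode=yes
submission inet n       -       y       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
"""

def logical_lines(text):
    """Yield logical lines: drop blanks/comments, join indented continuations."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current

def service_overrides(text):
    """Map each inet service to its '-o name=value' overrides (brace form not handled)."""
    services = {}
    for line in logical_lines(text):
        fields = shlex.split(line)
        if len(fields) < 8 or fields[1] != "inet":
            continue
        name = fields[0].rsplit(":", 1)[-1]  # drop an optional "host:" prefix
        args = fields[8:]
        services[name] = dict(
            value.split("=", 1)
            for flag, value in zip(args, args[1:])
            if flag == "-o" and "=" in value
        )
    return services

def implicit_tls_enabled(text, names=("smtps", "submissions", "465")):
    """True if any of the assumed port-465 service names sets wrapper mode."""
    services = service_overrides(text)
    return any(services.get(n, {}).get("smtpd_tls_wrappermode") == "yes" for n in names)
```

On a real host, pass the contents of /etc/postfix/master.cf to `implicit_tls_enabled()` in place of the sample.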

It is, however, recommended to keep using port 25 as well and allow STARTTLS there. This use of port 465 (smtps) seems to actually be standardized in a way, but it can confuse older machines; I had some ancient online test break.

NB! This feature is available in Postfix 2.2 and later. If you have an older Postfix version, you should really update.