Postfix TLS encryption: smtp_* vs smtpd_*

cytopia asked:

I am really confused about the postfix TLS settings. There are in each case settings for private keys and public keys.

smtpd_tls_cert_file = 
smtpd_tls_key_file = 


smtp_tls_cert_file = 
smtp_tls_key_file = 

What is their difference?

I know of three different TLS cases:

  1. User authenticates on MTA in order to send mails
  2. MTA wants to send an email encrypted to another MTA
  3. MTA receives an email encrypted from another MTA

Do they relate to the above settings? Are there any other cases that require TLS? Which of the cases belong to what postfix configuration directive?


Thanks to @Michael Hampton, I got most of it now. What still remains is the client part:

What is the reason/use-case for setting postfix client certificate/key (smtp_tls_cert and smtp_tls_key)? Why would I need this and what benefits do I have?

My answer:

Postfix directives that start with smtpd_ refer to when Postfix is acting as an SMTP server, receiving mail from other hosts.

Postfix directives that start with smtp_ refer to when Postfix is acting as an SMTP client, sending mail to other hosts.
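
As an added illustration of the distinction in the answer above (not code from the original post or from Postfix), this Python sketch parses main.cf text and groups the TLS parameters by role: smtpd_tls_* on the server side, smtp_tls_* on the client side. The sample configuration, its paths and the function names are constructed for the example.

```python
# Added example: group Postfix TLS parameters from main.cf text by role.
# The two prefixes differ by one letter, so match on the full prefix.
ROLES = {
    "smtpd_tls_": "server",  # Postfix receives mail (SMTP server)
    "smtp_tls_": "client",   # Postfix sends mail (SMTP client)
}

# Constructed sample main.cf; host name and paths are placeholders.
SAMPLE_MAIN_CF = """\
# inbound
smtpd_tls_cert_file = /etc/postfix/example-server.pem
smtpd_tls_key_file =
    /etc/postfix/example-server.key
# outbound: client certificate left unset
smtp_tls_cert_file =
smtp_tls_key_file =
myhostname = mail.example.com
"""

def logical_lines(text):
    """Yield main.cf logical lines: skip blank and '#' comment lines, and
    join lines that start with whitespace onto the previous line."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current

def tls_by_role(text):
    """Return {role: {parameter: value}} for smtpd_tls_* and smtp_tls_*."""
    grouped = {role: {} for role in ROLES.values()}
    for line in logical_lines(text):
        name, sep, value = line.partition("=")
        name = name.strip()
        for prefix, role in ROLES.items():
            if sep and name.startswith(prefix):
                grouped[role][name] = value.strip()  # later lines override
    return grouped

if __name__ == "__main__":
    for role, params in tls_by_role(SAMPLE_MAIN_CF).items():
        print(role, params)
```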

View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.