Quantcast

Postfix for bulk email and TLS

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Postfix for bulk email and TLS

Xinhuan Zheng
Hello,

Does anyone in postfix mailing list have experience using Postifx software for sending bulk emails with TLS encryption? Can you share your experience with me? The amount of bulk email is quite large, normally for marketing purpose. In the past we have been using sendmail bundled with CentOS 6 OS for a few years already. But we need to upgrade our system and one new requirement is to use TLS. So I’m planning on using recent CentOS 7 operating system. But as I look at its repository, postfix and openssl appear to be old versions.
Thanks,

- xinhuan 
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Postfix for bulk email and TLS

Viktor Dukhovni

> On Mar 31, 2017, at 4:03 PM, Xinhuan Zheng <[hidden email]> wrote:
>
> Does anyone in postfix mailing list have experience using Postifx software
> for sending bulk emails with TLS encryption? Can you share your experience
> with me?

TLS does not materially affect the performance of bulk-email delivery except
when a high-volume destination's MX host set includes some hosts that are
down.  When one of the MX hosts is down and you don't use TLS,  connection
re-use will shift more of the load to the hosts that are up.  With TLS there
is no connection re-use, and so connection latency may rise if the remote
destination is partly down.  This is rare in practice for high-volume
destinations.

> So I’m planning on using recent CentOS 7 operating system. But as I look at
> its repository, postfix and openssl appear to be old versions.

Postfix TLS support is reasonably mature by Postfix 2.8, but older versions
should also be fine.  Just set:

        smtp_tls_protocols = !SSLv2, !SSLv3
        smtp_tls_ciphers = medium
        smtp_tls_security_level = may
        smtp_tls_loglevel = 1

        smtpd_tls_protocols = !SSLv2, !SSLv3
        smtpd_tls_ciphers = medium
        smtpd_tls_security_level = may
        smtpd_tls_loglevel = 1
        smtpd_tls_cert_file = ... your cert file location ...
        smtpd_tls_key_file  = ... your key file location if different from cert file ...

if these are not already the defaults for your Postfix version.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Postfix for bulk email and TLS

Peter Ajamian
In reply to this post by Xinhuan Zheng
On 01/04/17 09:03, Xinhuan Zheng wrote:
> Does anyone in postfix mailing list have experience using Postifx
> software for sending bulk emails with TLS encryption? Can you share your
> experience with me?

It works just fine.

> The amount of bulk email is quite large, normally
> for marketing purpose. In the past we have been using sendmail bundled
> with CentOS 6 OS for a few years already. But we need to upgrade our
> system and one new requirement is to use TLS.

Postfix support for TLS goes way back.

> So I’m planning on using
> recent CentOS 7 operating system. But as I look at its repository,
> postfix and openssl appear to be old versions.

Please see the Red Hat backports policy at:
https://access.redhat.com/security/updates/backporting/

OpenSSL in CentOS 7 is fine, I would not change or mess with it as it's
an integral part of the distribution.

Postfix is fine as well and there is no lack of TLS support in the
Postfix 2.10.1.  That said, you can get a newer postfix for CentOS 7
from GhettoForge:
http://ghettoforge.org/index.php/postfix3

...please note that as of this writing the latest version is in gf-testing


Peter
Loading...