Home / server / Questions / 884374
In Process
Mike Conigliaro
Asked: 2017-11-21 15:48:07 +0800 CST

Why does the AWS SES developer guide recommend using stunnel with Postfix?

  • 772

I swear they changed this in the last year or two, but as of 2017-11-20, the SES developer guide for Postfix recommends setting up TLS via stunnel. This seems odd to me, considering that Postfix can already do TLS if you just add these lines to main.cf:

smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

In fact, I'm pretty sure I originally got the above configuration options from a previous version of the SES docs. Why did they change this?

amazon-web-services

1 Answers

  1. It could be realted to

    Postfix < 3.0 Although older Postfix SMTP client versions do not support TLS wrapper mode, it is relatively easy to forward a connection through the stunnel program if Postfix needs to deliver mail to some legacy system that doesn't support STARTTLS.

    But you can avoid of using stunnel with postfix 3.0+

    http://www.postfix.org/postconf.5.html#smtp_tls_wrappermode

    Also according to the http://www.postfix.org/announcements/postfix-3.1.4.html only 2.11 currently supported (as legacy release) from 2.x branches

    • 1