
RFC 8314: Open port 465 for implicit (immediate) SSL - 1996
https://tools.ietf.org/html/rfc8314#section-3.3
======
1996
For debian based distributions, edit /etc/postfix/master.cf to uncomment the
block of lines starting with smtps

Main advantage: connection on port 465 will automatically use SSL, as was done
a long time ago.

If you do not have one yet, get a certificate from letsencrypt for your mx. It
will also be an option on port 25 (keyword: may) with STARTTLS.

postconf -e 'smtpd_tls_cert_file =
/etc/letsencrypt/live/YOURDOMAIN/fullchain.pem'

postconf -e 'smtpd_tls_key_file =
/etc/letsencrypt/live/YOURDOMAIN/privkey.pem'

postconf -e 'smtp_tls_security_level = may'

postconf -e 'smtpd_tls_security_level = may'

postconf -e 'smtp_tls_note_starttls_offer = yes'

postconf -e 'smtpd_tls_loglevel = 1'

postconf -e 'smtpd_tls_received_header = yes'

