TLS Enforcement

smtp_tls_security_level = encrypt
      smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

This configuration:

  • Enforces TLS encryption for all outbound SMTP connections.

  • Uses the system CA store for certificate validation.

  • Enables TLS session caching for performance optimization.