What's the difference between Postfix SMTP server and client in regards to TLS Support?

I need to implement TLS tunneling in my Postfix so that when needed it can use TLS certification (when trying to send mails to the domain xxxx.xx, their servers will ask mine to establish a TLS session). In the documentation there seem to be two approaches: SMTP server and SMTP client.

What is the difference? And which one am I supposed to use?


Postfix with TLS for SMTP Server is for when a mail client or another mail server tries to send email to or through your Postfix system; it will offer or require the use of TLS depending on how you configure it. Postfix with TLS for SMTP Client is for when your Postfix server wants to send email to another SMTP server.

Update 1

Given Postfix's client TLS documentation, if blah.com offers STARTTLS and offers a correct SSL certificate, then configuring Opportunistic TLS in /etc/postfix/main.cf:

smtp_tls_security_level = may

will provide the support required.


Think of it this way. Your mail server is both a server and a client. When mail is sent to your server, it is acting as the server. When your server is relaying that email to another location or sending email to another server on your behalf, it is the client.

To see the default client TLS settings of Postfix, you would type:

postconf -d | grep ^smtp_tls | more

To see the default server settings of Postfix, you would type:

postconf -d | grep ^smtpd_tls | more

If you remove the -d, you will see your current configuration. This should reflect what is in /etc/postfix/main.cf.
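
The smtp_tls_* (client) versus smtpd_tls_* (server) split described in the answers above, shown as an added example that is not part of either answer: a small shell helper that reads postconf-style "name = value" lines and reports the TLS security level for each role. The function names tls_level, tls_report and sample_conf are hypothetical, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example. Input: "name = value" lines as printed by postconf.
# Role "smtp" is Postfix as client (outbound); "smtpd" is Postfix as server.

# Print the <role>_tls_security_level value, or "unset" if absent or empty.
tls_level() {
    awk -v key="${1}_tls_security_level" '
        {
            i = index($0, " =")              # name ends at the first " ="
            if (i == 0) next
            name = substr($0, 1, i - 1)
            value = substr($0, i + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name == key) level = value   # exact match: smtp_ is not smtpd_
        }
        END { print (level == "" ? "unset" : level) }'
}

# Summarise both roles from one configuration read on stdin.
tls_report() {
    conf=$(cat)
    for role in smtp smtpd; do
        level=$(printf '%s\n' "$conf" | tls_level "$role")
        case $level in
            unset)    state="level not set" ;;
            none)     state="TLS disabled" ;;
            may|dane) state="opportunistic TLS" ;;
            encrypt|dane-only|fingerprint|verify|secure) state="mandatory TLS" ;;
            *)        state="unrecognised level" ;;
        esac
        case $role in
            smtp)  side="client, outbound delivery" ;;
            smtpd) side="server, inbound mail" ;;
        esac
        printf '%s_tls_security_level=%s (%s): %s\n' "$role" "$level" "$side" "$state"
    done
}

# Constructed sample: client side opportunistic, server side left empty.
sample_conf() {
    cat <<'EOF'
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_security_level =
smtpd_banner = $myhostname ESMTP
EOF
}

sample_conf | tls_report
```

On a live system, pipe the real settings in with `postconf | tls_report`.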