
Purpose

Postfix has supported single connection reuse for plaintext for a long time, and it is now available for TLS connections as well.

smtp_tls_connection_reuse lets Postfix reuse TLS connections, which reduces the number of connections made to deliver email. You need a version higher than 3.4 for this parameter. This can be really beneficial for email sent to cloud providers like Office 365, G Suite, etc. They implement strict throttling policies, and fewer connections means less chance of throttling.

The smtp_tls_connection_reuse parameter uses the tlsproxy service to encrypt an SMTP connection, uses the scache service to save that connection, and relies on hints from the qmgr daemon.

Pre-requisites

Implementation

  • We have to modify the main.cf and master.cf files to make this work.
  • Open /etc/postfix/main.cf in your favourite text editor, add the line below, and save.
smtp_tls_connection_reuse = yes
  • Open /etc/postfix/master.cf in your favorite text editor, uncomment the tlsproxy line, and save.
  • Reload the Postfix service.
systemctl reload postfix
  • Send multiple emails.
  • Tail /var/log/maillog and look for scache and tlsproxy lines. These will only be present if connection reuse worked.
[root@SRV01 postfix]# tail -f /var/log/maillog
Feb 17 05:32:20 SRV01 postfix/smtp[6681]: Trusted TLS connection established to learntechfuture-com.mail.protection.outlook.com[104.47.55.110]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 17 05:32:21 SRV01 postfix/smtp[6681]: 90875C02D4: to=<sourabh.jha@learntechfuture.com>, relay=learntechfuture-com.mail.protection.outlook.com[104.47.55.110]:25, delay=55989, delays=55955/2/31/0.79, dsn=2.6.0, status=sent (250 2.6.0 <87d4bb38-1343-4b1b-8e08-5bb1128970c4@MW2NAM10FT021.eop-nam10.prod.protection.outlook.com> [InternalId=20800526618040, Hostname=MW2PR0102MB3546.prod.exchangelabs.com] 8116 bytes in 0.193, 40.892 KB/sec Queued mail for delivery)
Feb 17 05:32:21 SRV01 postfix/qmgr[6527]: 90875C02D4: removed
Feb 17 05:32:23 SRV01 postfix/tlsproxy[6675]: DISCONNECT [104.47.55.110]:25
Feb 17 05:36:07 SRV01 postfix/scache[6677]: statistics: start interval Feb 17 05:31:48
Feb 17 05:36:07 SRV01 postfix/scache[6677]: statistics: domain lookup hits=1 miss=5 success=16%
Feb 17 05:36:07 SRV01 postfix/scache[6677]: statistics: address lookup hits=0 miss=10 success=0%
Feb 17 05:36:07 SRV01 postfix/scache[6677]: statistics: max simultaneous domains=1 addresses=2 connection=3

Feb 17 07:32:51 SRV01 postfix/smtp[13514]: Trusted TLS connection reused to learntechfuture-com.mail.protection.outlook.com[104.47.70.110]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
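
The log check in the last step can be scripted. The following is an added example, not part of the original post: it counts new versus reused TLS sessions per relay, records the logged trust level and protocol, and totals the scache lookup statistics. The function names summarize and reuse_ratio are illustrative, and the sample lines are copied from the log excerpt above.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the maillog excerpt above.
SAMPLE = """\
Feb 17 05:32:20 SRV01 postfix/smtp[6681]: Trusted TLS connection established to learntechfuture-com.mail.protection.outlook.com[104.47.55.110]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 17 05:32:23 SRV01 postfix/tlsproxy[6675]: DISCONNECT [104.47.55.110]:25
Feb 17 05:36:07 SRV01 postfix/scache[6677]: statistics: domain lookup hits=1 miss=5 success=16%
Feb 17 05:36:07 SRV01 postfix/scache[6677]: statistics: address lookup hits=0 miss=10 success=0%
Feb 17 07:32:51 SRV01 postfix/smtp[13514]: Trusted TLS connection reused to learntechfuture-com.mail.protection.outlook.com[104.47.70.110]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
""".splitlines()

TLS_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<level>\w+) TLS connection "
    r"(?P<event>established|reused) to (?P<host>[^\[\s]+)\[[^\]]+\]:\d+: "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+)")
SCACHE_RE = re.compile(
    r"postfix/scache\[\d+\]: statistics: (?P<kind>domain|address) lookup "
    r"hits=(?P<hits>\d+) miss=(?P<miss>\d+)")

def summarize(lines):
    """Return (per-relay TLS session counts, scache [hits, misses] totals)."""
    relays = defaultdict(lambda: {"established": 0, "reused": 0,
                                  "levels": set(), "protocols": set()})
    cache = {"domain": [0, 0], "address": [0, 0]}
    for line in lines:
        if m := TLS_RE.search(line):
            # Key by hostname: one relay name can resolve to several IPs.
            r = relays[m["host"].lower()]
            r[m["event"]] += 1
            r["levels"].add(m["level"])      # e.g. Trusted, as logged by smtp
            r["protocols"].add(m["proto"])   # e.g. TLSv1.2
        elif m := SCACHE_RE.search(line):
            cache[m["kind"]][0] += int(m["hits"])
            cache[m["kind"]][1] += int(m["miss"])
    return dict(relays), cache

def reuse_ratio(stats):
    """Fraction of logged TLS sessions to a relay that were reused."""
    total = stats["established"] + stats["reused"]
    return stats["reused"] / total if total else 0.0

if __name__ == "__main__":
    relays, cache = summarize(SAMPLE)
    for host, s in sorted(relays.items()):
        print(f"{host}: new={s['established']} reused={s['reused']} "
              f"ratio={reuse_ratio(s):.0%} trust={sorted(s['levels'])}")
    print("scache [hits, misses]:", cache)
```

To run it against a live system, pass the lines of /var/log/maillog to summarize() instead of SAMPLE. A relay that shows only "established" sessions after several deliveries is not benefiting from reuse.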

Thank you for reading !