Hello, i want to ask how should i set up tls on smtp with froxlor. Do i need to generate new certficate for it or froxlor does it? Thanks for reply

You indeed need a certificate which validates the domain given in $myhostname - by default it should be the froxlor-systemhostname so you can for example just use the generated certificate from it (if enabled and exists, default in /etc/ssl/froxlor-custom/).

Important: you can follow any tutorial to activate ssl on postfix for this, nothing froxlor specific in these parts of the config

The TLS settings at the end of the postfix/main.cf should look somewhat like that:

### TLS settings
###
## TLS for outgoing mails from the server to another server
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
## TLS for incoming connections (clients or other mail servers)
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/froxlor-custom/your-hostname_fullchain.cer
smtpd_tls_key_file = /etc/ssl/froxlor-custom/your-hostname.key
#smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5

Also remember to adjust the postfix/master.cf file so it listens to smtps/submission