4th August 2011, 13:47
osterhase

I totally agree that TLS encryption on a loopback interface is a waste of processor time. But shutting down TLS encryption for the entire server as a consequence is a major hit to the security concept.

Instead, I disabled TLS encryption for the amavis loopback in master.cf:

Code:
# smtp(8) client that hands mail to amavis: no TLS on this hop
amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o smtp_tls_security_level=none

# smtpd(8) listener on loopback that takes mail back from amavis
127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=127.0.0.1
# smtpd reads the smtpd_ parameter; smtp_tls_security_level only affects the smtp(8) client
        -o smtpd_tls_security_level=none

Thanks for giving me the punch in the right direction. ;-)
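
An added example (not part of osterhase's post): a small Python audit of master.cf-style text that flags TLS `-o` overrides whose prefix does not match the service's daemon, and `smtpd_tls_security_level=none` on listeners not bound to loopback. The sample config, the function names and the prefix heuristic are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in master.cf syntax (not taken from a real server).
SAMPLE = """\
smtp inet n - - - - smtpd
amavis unix - - - - 2 smtp
        -o smtp_tls_security_level=none
127.0.0.1:10025 inet n - - - - smtpd
        -o smtp_tls_security_level=none
0.0.0.0:10026 inet n - - - - smtpd
        -o smtpd_tls_security_level=none
"""

def parse_master_cf(text):
    # Returns (service, type, command, {param: value}) per logical line.
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # continuation of previous entry
        else:
            logical.append(line.strip())
    services = []
    for fields in filter(lambda f: len(f) >= 8, map(str.split, logical)):
        args = fields[8:]
        opts = dict(args[i + 1].split("=", 1) for i, a in enumerate(args[:-1])
                    if a == "-o" and "=" in args[i + 1])
        services.append((fields[0], fields[1], fields[7], opts))
    return services

def is_loopback_listener(name, stype):
    if stype != "inet":
        return True  # unix-domain services are not network listeners
    host, sep, _port = name.rpartition(":")
    try:  # no host part means the service binds to inet_interfaces
        return bool(sep) and ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # hostnames are not resolved; treated as non-loopback

def audit(text):
    findings = []
    for name, stype, command, opts in parse_master_cf(text):
        for key, value in opts.items():
            if "_tls_" in key and key.split("_", 1)[0] != command:
                # Assumed heuristic: the parameter prefix names the daemon that reads it.
                findings.append((name, f"{key} is not a {command} parameter"))
            elif (key, value) == ("smtpd_tls_security_level", "none") \
                    and not is_loopback_listener(name, stype):
                findings.append((name, "TLS disabled on non-loopback listener"))
    return findings
```

Calling `audit()` on the text of a real master.cf returns a list of `(service, message)` pairs; an empty list means neither check fired.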