Old 4th August 2011, 14:47
osterhase

I totally agree that TLS encryption on a loopback interface is a waste of processor time. But the consequence of shutting down the entire TLS encryption for the server is a major hit on the security concept.

Instead I disabled the TLS encryption for the amavis loopback in the

amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o smtp_tls_security_level=none

inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=
        -o smtp_tls_security_level=none

Thanks for giving me the punch in the right direction. ;-)
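A check for the per-service scoping described in the post above, as an added example that is not part of the original post: it parses a master.cf, lists the services that carry a TLS-level override of `none`, and confirms the global main.cf level is untouched. The listener address `127.0.0.1:10025`, the main.cf value `may`, and the function names are assumptions made for this constructed sample. The split into `scoped` and `ineffective` relies on `smtp_tls_security_level` being read by the smtp(8) client and `smtpd_tls_security_level` by the smtpd(8) server.

```python
import re

# TLS-level parameter read by each Postfix daemon: smtp(8) client, smtpd(8) server.
TLS_PARAM_FOR = {"smtp": "smtp_tls_security_level",
                 "smtpd": "smtpd_tls_security_level"}

def parse_master_cf(text):
    """Return one dict per service, folding indented continuation lines."""
    services = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():               # continuation of the previous service
            if services:
                services[-1]["args"] += raw.split()
            continue
        f = raw.split()
        if len(f) >= 8:                    # name type private unpriv chroot wakeup maxproc command
            services.append({"name": f[0], "type": f[1], "command": f[7], "args": f[8:]})
    for s in services:
        args, s["overrides"] = s["args"], {}
        for i, a in enumerate(args):       # handles the plain "-o name=value" form only
            if a == "-o" and i + 1 < len(args) and "=" in args[i + 1]:
                key, value = args[i + 1].split("=", 1)
                s["overrides"][key] = value
    return services

def audit_tls(master_text, main_text):
    """Return (global client TLS level, services with TLS off, overrides the daemon ignores)."""
    m = re.search(r"^smtp_tls_security_level\s*=\s*(\S+)", main_text, re.M)
    scoped, ineffective = [], []
    for s in parse_master_cf(master_text):
        for param in TLS_PARAM_FOR.values():
            if s["overrides"].get(param) != "none":
                continue
            if TLS_PARAM_FOR.get(s["command"]) == param:
                scoped.append(s["name"])
            else:
                ineffective.append((s["name"], param))
    return (m.group(1) if m else None), scoped, ineffective

# Constructed sample input; the address and the "may" level are assumptions.
MASTER_CF = """\
amavis unix - - - - 2 smtp
        -o smtp_tls_security_level=none

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o smtp_tls_security_level=none
"""
MAIN_CF = "smtp_tls_security_level = may\n"

if __name__ == "__main__":
    print(audit_tls(MASTER_CF, MAIN_CF))
```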