Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 26th January 2011, 16:54
vmos vmos is offline
Join Date: Nov 2008
Posts: 57
Thanks: 1
Thanked 0 Times in 0 Posts
Default Enforce TLS on outbound traffic only?

SOLVED /// I think

Good afternoon,
I've setup a postifx server according to these instructions


it's working well, I've also enabled opportunistic TLS but I'm trying to figure out if I can enforce TLS on outbound mail and leave inbound mail with opportunistic TLS

Can anyone point me in the right direction?

/edit it's only certain domains I need to enforce for, this command seems to be what I'm after

smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

but I'm buggered if I can find the right syntax for the tls_policy file, everything I try stops postfix delivering altogether

/edit edit edit think I've got it.

This parameter in postfix/main.cf does the trick

smtp_tls_security_level = encrypt

This means that the server will accept any mail inbound but will only send mail to TLS enabled servers. Not suitable for everyone but as this server was only ever intended to relay mail to certain domains that we know are TLS enabled, it works for us.

Also, I used this on a test server first and discovered that the server tries to deliver the mail to amavis but amavis doesn't do tls so the mail bounced. was fine once I disabled amavis. It's also fine delivering to servers that have amavis on them just don't have this rule on the same server as amavis

Last edited by vmos; 27th January 2011 at 13:36. Reason: laziness
Reply With Quote
Sponsored Links


postfix, tls, ubuntu

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
PureFTP TLS problem - sucked for 2 days. pavljiks Installation/Configuration 7 11th February 2011 19:24
Traffic quota and mail traffic Davide General 2 10th January 2011 14:21
Email problem 'Cannot set my user or group id.' (using ISPConfig 3 + OpenSuSE 11.2) urosm Installation/Configuration 5 19th June 2010 23:41
Postfix can't received email from exterior astra2000 Server Operation 5 18th October 2009 00:26
TLS Problem admins Installation/Configuration 1 19th September 2009 11:55

All times are GMT +2. The time now is 08:02.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.