Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 26th January 2011, 15:54
vmos vmos is offline
Member
 
Join Date: Nov 2008
Posts: 57
Thanks: 1
Thanked 0 Times in 0 Posts
 
Default Enforce TLS on outbound traffic only?

SOLVED /// I think

Good afternoon,
I've setup a postifx server according to these instructions

http://www.howtoforge.com/virtual-us...l-ubuntu-10.04

it's working well, I've also enabled opportunistic TLS but I'm trying to figure out if I can enforce TLS on outbound mail and leave inbound mail with opportunistic TLS

Can anyone point me in the right direction?

/edit it's only certain domains I need to enforce for, this command seems to be what I'm after

smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

but I'm buggered if I can find the right syntax for the tls_policy file, everything I try stops postfix delivering altogether

/edit edit edit think I've got it.

This parameter in postfix/main.cf does the trick

smtp_tls_security_level = encrypt

This means that the server will accept any mail inbound but will only send mail to TLS enabled servers. Not suitable for everyone but as this server was only ever intended to relay mail to certain domains that we know are TLS enabled, it works for us.

Also, I used this on a test server first and discovered that the server tries to deliver the mail to amavis but amavis doesn't do tls so the mail bounced. was fine once I disabled amavis. It's also fine delivering to servers that have amavis on them just don't have this rule on the same server as amavis

Last edited by vmos; 27th January 2011 at 12:36. Reason: laziness
Reply With Quote
Sponsored Links
Reply

Bookmarks

Tags
postfix, tls, ubuntu

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
PureFTP TLS problem - sucked for 2 days. pavljiks Installation/Configuration 7 11th February 2011 18:24
Traffic quota and mail traffic Davide General 2 10th January 2011 13:21
Email problem 'Cannot set my user or group id.' (using ISPConfig 3 + OpenSuSE 11.2) urosm Installation/Configuration 5 19th June 2010 22:41
Postfix can't received email from exterior astra2000 Server Operation 5 17th October 2009 23:26
TLS Problem admins Installation/Configuration 1 19th September 2009 10:55


All times are GMT +2. The time now is 00:07.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.