[prev in list] [next in list] [prev in thread] [next in thread]
List: postfix-users
Subject: Re: SMTPD TLS policy by Client IP ?
From: Victor Duchovni <Victor.Duchovni () morganstanley ! com>
Date: 2010-10-28 19:57:10
Message-ID: 20101028195710.GT12547 () np305c2n2 ! ms ! com
[Download RAW message or body]
On Thu, Oct 28, 2010 at 02:48:11PM -0500, Noel Jones wrote:
>> However for incoming mail it looks like
>> "smtpd_tls_security_level" it is all or none on enforcement of
>> encryption.
>> Does such a control exist?
>
> You can use a check_client_access maps with "reject_plaintext_session"
> action.
> http://www.postfix.org/postconf.5.html#reject_plaintext_session
Yep, put the IPs in a "cidr:" table, and off you go. This is only
a band-aid of course, TLS policy is up to the sender, a misconfigured
sender gateway can send the mail to the wrong place, with or without
encryption.
http://www.postfix.org/TLS_README.html#client_tls_limits
Maintaining lists of peer IPs on which to enforce TLS is a pain, I
don't recommend this unless the IPs at the other end are also yours.
--
Viktor.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic