> > I am interested in the smtpd equiv of
> > smtp_tls_policy_maps.
> >
> > What I want to do is only accept email from certain sites if it is
> > encrypted. Don't accept mail from these sites if it is not
> > encrypted.
>
> Sort of.
>
> The simplest use is either a check_client_access or
> check_sender_access table listing the {client IP or hostname,
> sender's domain} with a result of 'reject_plaintext_session'.
>
> This does nothing to verify identity, but does ensure the
> communication is encrypted.
>
> You would choose check_client_access or check_sender_access
> depending on which entity requires encryption:
>
> - All mail arriving from the mail client mx.example.org must
> be encrypted: use check_client_access with a key
> "mx.example.org" or (better) the IP address of that client.
>
> - All mail arriving with an envelope sender address of
> [EMAIL PROTECTED] (not necessarily the From: header) must be
> encrypted: use check_sender_access with a key "example.com".
>
> Envelope sender address example:
> # main.cf
> smtpd_sender_restrictions =
>   check_sender_access hash:/etc/postfix/require_crypt
>
> # require_crypt
> example.com reject_plaintext_session
>
> http://www.postfix.org/postconf.5.html#reject_plaintext_session
>
> You can also use smtpd_restriction_classes to match senders
> and clients.
> http://www.postfix.org/RESTRICTION_CLASS_README.html
>
>
> If your requirement is to verify the identity of the client,
> your setup becomes more complicated and, because your postfix
> will need to ask for client certificates, may experience
> compatibility problems with the general internet. This type
> of setup is probably best used on a private connection, such as
> an IP not listed as your public MX or a non-standard port.
> Please see:
> http://www.postfix.org/TLS_README.html#server_access
>
> --
> Noel Jones

Excellent, many thanks.
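
Added example, not part of the original thread: the check_client_access variant described in the reply above, together with the server-side TLS settings it depends on. File paths, the table name require_crypt_clients and the client address are assumptions made for illustration.

```conf
# /etc/postfix/main.cf  (paths and file names below are assumptions)

# The server must offer STARTTLS; if it does not, every client listed
# in the table can only connect in plaintext and is always rejected.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/tls/server.pem
smtpd_tls_key_file = /etc/postfix/tls/server.key

# Log one summary line per TLS handshake, so encrypted sessions from
# the listed clients can be confirmed in the mail log.
smtpd_tls_loglevel = 1

# Default setting: restrictions are evaluated at RCPT TO, which is
# after the client has had the chance to issue STARTTLS.
smtpd_delay_reject = yes

# reject_plaintext_session answers with this code. The default is a
# temporary failure, so a misconfigured sender queues and retries
# instead of bouncing the mail.
plaintext_reject_code = 450

smtpd_client_restrictions =
    check_client_access hash:/etc/postfix/require_crypt_clients

# /etc/postfix/require_crypt_clients
# Constructed sample entry; 192.0.2.25 is a documentation address
# standing in for the IP of the client that must use TLS.
# Rebuild the lookup table after every edit:
#   postmap /etc/postfix/require_crypt_clients
# Check that the key resolves as expected:
#   postmap -q 192.0.2.25 hash:/etc/postfix/require_crypt_clients
192.0.2.25    reject_plaintext_session
```

As the reply notes, this enforces encryption only; it does not verify who the client is.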