Urban Hillebrand:
> On Thu, Feb 12, 2009 at 07:13:19AM -0500, Wietse Venema wrote:
> > Urban Hillebrand:
> > > Hello list,
> > >
> > > is there a way to enforce TLS dependent on the sender domain?
> >
> > Yes. Use "check_sender_access" and "reject_plaintext_session".
>
> Thank you Wietse, but isn't this a smtpD setting? My problem is about
> outgoing mails. We act as SMTP relay for our customers, who want to send
> TLS encrypted SMTP to destinations in the internet. Sorry if I wasn't
> clear.

This would have to be simulated with sender_dependent_relayhost_maps.
Specify a Postfix instance that encrypts all outbound mail. Postfix
multi-instance support will go alpha in a few days.

TLS is a hop-by-hop security protocol. TLS provides no security
after the sender gives the message to the relay. This includes
bounce messages for mail that was received via TLS.

Wietse
> [...]
> > > Background:
> > > Many customers are using our SMTP infrastructure (opportunistic TLS is
> > > active). Now one customer wants to enforce TLS to a certain destination;
> > > can I do this without affecting all other customers (who might as well
> > > send mails to this destination, but did not ask for enforced TLS)?
> > >
> > > The only ways I can think of involve more SMTP servers (or at least
> > > instances). Is there an easy solution to this?
>
>
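The setup described in the reply above, as an added configuration sketch that is not part of the original thread. The sender domain customer.example, the loopback port 10025 and the /etc/postfix-tls paths are assumptions chosen for illustration.

```conf
# File: /etc/postfix/main.cf  (primary instance, opportunistic TLS for all customers)
smtp_tls_security_level = may
# Route by envelope sender: only the listed sender domain takes the detour.
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
# Let the postfix tools operate on the second instance (assumed directory).
alternate_config_directories = /etc/postfix-tls

# File: /etc/postfix/sender_relay  (run "postmap /etc/postfix/sender_relay" after editing)
# customer.example is a placeholder for the customer that asked for enforced TLS.
@customer.example    [127.0.0.1]:10025

# File: /etc/postfix-tls/main.cf  (second instance, encrypts all outbound mail)
syslog_name = postfix-tls
queue_directory = /var/spool/postfix-tls
data_directory = /var/lib/postfix-tls
# Accept mail only from the primary instance on loopback.
inet_interfaces = 127.0.0.1
mynetworks = 127.0.0.0/8
# Relay only: no local delivery in this instance.
mydestination =
# Mandatory TLS: if no encrypted session can be set up, the mail is deferred
# instead of being sent in the clear. "encrypt" does not check the server
# certificate name; the "verify" and "secure" levels do.
smtp_tls_security_level = encrypt

# File: /etc/postfix-tls/master.cf  (replace the default "smtp inet" line)
127.0.0.1:10025 inet n - n - - smtpd
```

The lookup key is the envelope sender, so bounces generated for this customer's mail carry the null sender and are not routed through the TLS-enforcing instance.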