JLA,

> I run amavisd-new as part of my anti-spam setup.
> The configuration is pretty well out of the box. I use the split clean
> up, which if I remember correctly, is straight out of Patrick Koetter's
> setup guide.
> One of the things I have noticed is that when amavisd passes emails back
> into postfix it is using TLS, this seems a little pointless as both apps
> are on the same machine.

It doesn't do so, unless you told it to. The default setting for $tls_security_level_out is off (undef or "none"), which disables TLS on the amavisd client side (when feeding mail back to Postfix). Likewise, the client side TLS is also off by default ($tls_security_level_in). Btw, the client side TLS in amavisd is surprisingly fast, unlike the server side, which is quite slow because of a line-by-line reading I/O.

> Is there a way of implementing TLS selectively.
> What I have currently done is to add "-o smtpd_tls_security_level=none"
> to the 1270.0.0.1:10025 smtpd entry in the master.cf.

This is good too, if your setting of $tls_security_level_out is a "may". It is slightly better to turn $tls_security_level_out entirely off, as this way the SSL code would not be loaded (unless needed for some other reason).

> While this seems to be working, is this the best way of achieving what I
> want, am I missing some nasty side effect or have I missed the mark
> entirely.

No nasty side effects, as you say it is pretty much pointless to use TLS on a loopback interface.

Mark
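An added example, not part of the original messages and not amavisd or Postfix code: a small check that reads a master.cf and an amavisd.conf and reports whether either of the two settings discussed in this thread rules out TLS on the loopback reinjection hop. The sample file contents, the function names and the 127.0.0.1:10025 service name are assumptions, and only the `-o name=value` override form is parsed.

```python
import re

# Constructed sample inputs (not taken from the poster's system).
SAMPLE_MASTER_CF = """\
smtp      inet  n  -  n  -  -  smtpd
127.0.0.1:10025 inet n  -  n  -  -  smtpd
    -o content_filter=
    -o smtpd_tls_security_level=none
"""
SAMPLE_AMAVISD_CONF = """\
# $tls_security_level_out = 'may';
$tls_security_level_out = undef;
"""

def master_cf_overrides(text, service):
    """Return the -o name=value overrides of one master.cf service, or None."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                           # blank line or comment
        if line[0].isspace() and logical:      # leading whitespace continues an entry
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    for entry in logical:
        if entry.split()[0] == service:
            return dict(m.groups() for m in re.finditer(r"-o\s+([\w.]+)=(\S*)", entry))
    return None

def amavisd_tls_out(text):
    """Return the last uncommented $tls_security_level_out value; None if undef/unset."""
    value = None
    for m in re.finditer(r"^\s*\$tls_security_level_out\s*=\s*([^;]+);", text, re.M):
        value = m.group(1).strip().strip("'\"")
    return None if value in (None, "undef") else value

def loopback_tls_disabled(master_cf, amavisd_conf, service="127.0.0.1:10025"):
    """True if the Postfix listener or the amavisd client side turns TLS off."""
    overrides = master_cf_overrides(master_cf, service) or {}
    server_off = overrides.get("smtpd_tls_security_level") == "none"
    client_off = amavisd_tls_out(amavisd_conf) in (None, "none")
    return server_off or client_off

if __name__ == "__main__":
    print("TLS ruled out on reinjection hop:",
          loopback_tls_disabled(SAMPLE_MASTER_CF, SAMPLE_AMAVISD_CONF))
```

A False result only means neither setting was found in these two files; whether TLS is then actually negotiated also depends on the Postfix main.cf defaults, which this check does not read.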