On Wed, Dec 16, 2009 at 01:50:45PM +0000, Arora, Sumit wrote:
> I was going through the document for TLS support in postfix, but I
> don't know which security level to use.
> My requirement is straight, FULLY SECURE and AVAILABLE FOR EVERYONE.
>
> Which of the following TLS Security level should is use?
For outgoing mail to generic (not specific domains with which you have
special security arrangements) Internet recipients:
main.cf:
smtp_tls_security_level = may
For incoming mail from generic Internet senders:
main.cf:
smtpd_tls_security_level = may
you'll need a self-signed RSA certificate, or in some cases, one signed
by a widely trusted CA, but only if some senders will be checking your
certificates (normally, with SMTP, no certificate checks take place).
For port 587 submission:
master.cf
submission inet ... smtpd
-o smtpd_tls_security_level=encrypt
...
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
