Jelle de Jong wrote:
Victor Duchovni wrote, on 23-01-10 17:48:
On Sat, Jan 23, 2010 at 05:31:47PM +0100, Jelle de Jong wrote:
postconf -e 'smtp_tls_security_level = encrypt'
Is this SMTP client going to send all mail to a small set of TLS enabled
relay hosts? Or are you choosing to not be able to send any email to
the vast majority of domains whose MX hosts don't offer TLS?
The system is a satellite system that is only sending mail to one
secure mail server, the mailrelay is only affable for smtp auth over
ssl. the hostname of the sender will fail every sane check if it sent
to other machines, because it has no fixed ip, and is behind a series
of nat's.
postconf -e 'smtp_tls_mandatory_protocols = !SSLv2, !TLSv1'
Why disable both SSLv2 and TLSv1?! Leave this setting at its default
value, or disable just SSLv2. Does your client or server correctly handle
SSLv3, but fail to interoperate via TLSv1?
Well my server supports SSLv3 just fine, so I thought I disable
everything lower, and if better protocols come around postfix will
update and will still be able to use the newer stuff since I did not
force it to only use SSLv3.
TLSv1 is newer stuff.
