I currently use Postfix 2.6.5 as a mail gateway and Exchange 2007 for internal e-mail. Right now I have a soft TLS requirement on outbound mail, i.e. Exchange 2007 is set up to connect via TLS only. For Postfix to require a TLS connection from the internal mail server, what would I have to change in the following "main.cf" setup:
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
smtpd_use_tls = yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_auth_only = no
smtp_tls_security_level = may
## smtpd_tls_ask_ccert = yes
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtpd_tls_cert_file = /etc/postfix/ssl/server_selfsign.crt
smtpd_tls_CAfile = /etc/postfix/ssl/server_selfsign.crt
# smtpd_tls_CAfile = /usr/share/ssl/certs/ca-bundle.crt
# smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_CAfile = /etc/postfix/exchange.pem
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtpd_tls_mandatory_ciphers = high
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Note: file "exchange.pem" is the public key of the (internal) root CA. The goal here is to allow ONLY TLS/authenticated internal mail servers to send mail.

Thanks in advance!!

Edward Ray