m listus: > Hi again, > > I need to tell postfix to force smtp only for certain senders.
IP addresses? Domain names? Envelope addresses? Different requirements allow for different solutions. For example, a packet filter "redirect" allows you to invisibly switch to a different SMTP server configuration, but it cannot trigger on email addresses. > I read http://www.postfix.org/TLS_README.html which helps me get tls running > w/ postfix, plus "Client TLS limitations". > > I'm thinking of using smtpd with smtpd_tls_wrappermode=yes on a different > port. But my main problem is stopping those senders from using the regular > smtp. One option: reject_plaintext_session Reject the request when the connection is not encrypted. This restriction should not be used before the client has had a chance to negotiate encryption with the AUTH or STARTTLS com- mands. The plaintext_reject_code parameter specifies the response code for rejected requests (default: 450). This feature is avail- able in Postfix 2.3 and later. This can prevent disclosure of the message content, but it canot prevent disclosure of email addresses etc. in SMTP commands Wietse
