On Wed, Jun 02, 2010 at 07:15:15AM -0700, m listus wrote:

> I need to tell postfix to force smtp only for certain senders.

This is up to the senders. If they want to disclose the data, they'll post it on slashdot, without talking to your SMTP server...

There is not much point in MX hosts enforcing TLS inbound based on envelope sender address; this breaks legitimate forwarding scenarios, ...

What can work is enforcement from a particular set of SMTP client IPs, but this is a pain to maintain...

If you want MITM protection, you can't force the remote client to check your certificates correctly!

> I read http://www.postfix.org/TLS_README.html which helps me get tls
> running w/ postfix, plus "Client TLS limitations".

Perhaps you did not fully appreciate the point: TLS security is up to the sender!

> I'm thinking of using smtpd with smtpd_tls_wrappermode=yes on a different
> port. But my main problem is stopping those senders from using the regular
> smtp.
>
> Any ideas on how to best achieve this.

Let the sender secure the data transmission to you. If they don't take the appropriate steps, you can't unilaterally make the channel secure.

--
Viktor.
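
The per-client-IP enforcement mentioned in the reply can be sketched as follows. This is an added example, not part of the original message; the file paths and addresses are assumptions (the addresses are documentation ranges), and the list still has to be maintained by hand.

```conf
# --- /etc/postfix/main.cf (fragment) ---
# Offer STARTTLS to every client without requiring it globally.
smtpd_tls_security_level = may
# Assumed certificate and key locations.
smtpd_tls_cert_file = /etc/postfix/tls/mx.example.com.pem
smtpd_tls_key_file = /etc/postfix/tls/mx.example.com.key
# Default setting: client restrictions are evaluated at RCPT TO,
# so the client has had the chance to issue STARTTLS first.
smtpd_delay_reject = yes
# Look up the connecting client IP; listed clients must be encrypted.
smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/tls_required_clients.cidr
# Default reply code: a temporary failure, so the sender queues and retries.
plaintext_reject_code = 450

# --- /etc/postfix/tls_required_clients.cidr ---
# Constructed sample entries: the SMTP client IPs of the partners
# that agreed to send over TLS. Unlisted clients are unaffected.
192.0.2.25/32      reject_plaintext_session
198.51.100.0/24    reject_plaintext_session
```

This only refuses plaintext sessions from the listed addresses; it does not make those clients verify the server certificate, which remains the sender's decision.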