On 8/24/2010 10:24 AM, Vernon A. Fort wrote:
We have a few companies for which we need to have ALL email traffic encrypted.
We can no longer 'blindly trust' the end user not to include sensitive
information in email. A VPN would be an easier solution, but it's not an
option at this point.
So, the outbound appears to be simple:
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
with
domain.com encrypt
.domain.com encrypt
basically, if the email is destined for THIS (or these) domain(s),
enforce encryption. If we cannot, immediately return the email.
But how do I enforce email connections FROM specific sites (IPs) to be
encrypted, i.e. reject_if_NOT_tls_connection?
Vernon
http://www.postfix.org/postconf.5.html#reject_plaintext_session
abbreviated example of selective usage:
smtpd_sender_restrictions =
    check_client_access cidr:/path/force_tls

# force_tls
5.4.3.2/32 reject_plaintext_session
-- Noel Jones
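As an added illustration (not code from either post), the script below models the two lookups the thread relies on so the tables can be sanity-checked offline before they go into main.cf: the smtp_tls_policy_maps lookup on the next-hop domain, where "domain.com" matches only that exact destination and ".domain.com" matches its subdomains (which is why both entries are listed), and the cidr: client lookup, where entries are tried in file order and reject_plaintext_session only fires when the matching client has not started TLS. The table contents are constructed samples: "domain.com" and 5.4.3.2/32 come from the thread, 10.9.0.0/16 and the client addresses in the checks are invented. A real hash: table still has to be compiled with postmap; this only parses the source text.

```python
import ipaddress

# Constructed sample of the smtp_tls_policy_maps source file from the thread
# ("domain.com" is a placeholder for the partner domain).
TLS_POLICY_TEXT = """\
# next-hop destination   policy
domain.com               encrypt
.domain.com              encrypt
"""

# Constructed sample in the shape of Noel's cidr:/path/force_tls file.
# 5.4.3.2/32 is the thread's example; 10.9.0.0/16 is an invented second partner.
FORCE_TLS_TEXT = """\
# force_tls: clients that must negotiate TLS before mail is accepted
5.4.3.2/32      reject_plaintext_session
10.9.0.0/16     reject_plaintext_session
"""


def parse_table(text):
    """Parse Postfix 'key value' table source; '#' comments and blank lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError("line %d: expected 'key value', got %r" % (lineno, raw))
        entries.append((parts[0], parts[1].strip()))
    return entries


TLS_POLICY = dict(parse_table(TLS_POLICY_TEXT))
# cidr: rules keep file order because the first matching entry wins.
FORCE_TLS = [(ipaddress.ip_network(k, strict=False), v) for k, v in parse_table(FORCE_TLS_TEXT)]


def tls_policy_lookup(destination, policy=TLS_POLICY):
    """Model the smtp_tls_policy_maps lookup: exact next-hop domain first, then
    parent domains written with a leading dot. ".domain.com" matches
    mail.domain.com but not domain.com itself, hence the two entries."""
    dest = destination.lower().rstrip(".")
    if dest in policy:
        return policy[dest]
    labels = dest.split(".")
    for i in range(1, len(labels)):
        parent = "." + ".".join(labels[i:])
        if parent in policy:
            return policy[parent]
    return None


def outbound_enforced(destination):
    """True when mail for this destination is sent only over TLS (or bounced)."""
    return tls_policy_lookup(destination) == "encrypt"


def cidr_lookup(client_ip, rules=FORCE_TLS):
    """Model a cidr: table: entries are tried in file order, first match wins."""
    addr = ipaddress.ip_address(client_ip)
    for net, action in rules:
        if addr in net:
            return action
    return None


def inbound_decision(client_ip, session_is_tls):
    """What check_client_access + reject_plaintext_session does for one client:
    REJECT only if the client matched the map and the session is still plaintext;
    otherwise DUNNO, i.e. fall through to the next restriction."""
    action = cidr_lookup(client_ip)
    if action == "reject_plaintext_session" and not session_is_tls:
        return "REJECT"
    return "DUNNO"


if __name__ == "__main__":
    for dest in ("domain.com", "mail.domain.com", "domain.org"):
        print("outbound %-18s encrypt=%s" % (dest, outbound_enforced(dest)))
    for ip, tls in (("5.4.3.2", False), ("5.4.3.2", True), ("10.9.12.34", False), ("192.0.2.1", False)):
        print("inbound  %-15s tls=%-5s -> %s" % (ip, tls, inbound_decision(ip, tls)))
```

Run it before editing main.cf to confirm each partner domain resolves to "encrypt" and each partner address hits reject_plaintext_session; a domain that returns None here will be delivered in the clear by Postfix too. Note that a bare "domain.com" entry alone would leave mail for its MX-named subdomains unprotected, which the exact-versus-parent split above makes visible.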