On 5/12/2011 9:14 AM, gaby wrote:
Hi
I want to set Postfix to use TLS (certificates) only when my SASL
clients send email.
I want to not use TLS, only for SASL clients, only when they
send email.
I use SASL authentication for my users with plain text.
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
I use PAM
/etc/sasl2/smtpd.conf:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
Have your users submit mail to the submission port 587.
Uncomment the submission entry in postfix master.cf and set
your SASL and TLS options there.
Require TLS and SASL on submission, don't offer TLS or SASL on
regular port 25.
Something like:
# main.cf
smtpd_sasl_auth_enable = no
smtpd_tls_security_level = none
submission_recipient_restrictions =
    permit_sasl_authenticated
    reject

# master.cf
submission inet n - n - - smtpd
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_security_level=encrypt
    -o smtpd_recipient_restrictions=$submission_recipient_restrictions
    -o syslog_name=postfix_submission
-- Noel Jones
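
Added example, not part of the reply above and not Postfix code: a small offline check that overlays each master.cf service's -o overrides on main.cf and flags any smtpd service that offers SASL AUTH without mandatory TLS, which matters here because PLAIN and LOGIN carry the password unprotected. The port-25 `smtp` line and all function names are assumptions made for the illustration.

```python
MAIN_CF = """\
smtpd_sasl_auth_enable = no
smtpd_tls_security_level = none
submission_recipient_restrictions =
    permit_sasl_authenticated
    reject
"""  # constructed sample: the main.cf settings from the reply
MASTER_CF = """\
smtp       inet n - n - - smtpd
submission inet n - n - - smtpd
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_security_level=encrypt
    -o smtpd_recipient_restrictions=$submission_recipient_restrictions
    -o syslog_name=postfix_submission
"""  # constructed sample: the reply's submission entry plus an assumed port-25 line

def logical_lines(text):
    """Drop blanks/comments; fold whitespace-led lines into the previous line."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def parse_main(text):
    pairs = (line.split("=", 1) for line in logical_lines(text))
    return {k.strip(): " ".join(v.split()) for k, v in pairs}

def effective(main, master_text):
    """Per-service view: main.cf values overlaid with that service's -o overrides."""
    services = {}
    for line in logical_lines(master_text):
        fields = line.split()
        cfg, args = dict(main), fields[8:]   # 8 fixed columns, then command arguments
        for flag, kv in zip(args, args[1:]):
            if flag == "-o":
                key, value = kv.split("=", 1)
                cfg[key] = main.get(value[1:], value) if value.startswith("$") else value
        services[fields[0]] = cfg
    return services

def audit(services):
    """Names of services that offer SASL AUTH without smtpd_tls_security_level=encrypt."""
    return [n for n, c in services.items() if c.get("smtpd_sasl_auth_enable", "no") == "yes"
            and c.get("smtpd_tls_security_level", "") != "encrypt"]
```

On the configuration as posted, `audit(effective(parse_main(MAIN_CF), MASTER_CF))` returns an empty list; weakening the submission override to `may`, or enabling SASL globally in main.cf, makes the affected service name appear.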