On 10/31/2012 4:46 PM, thorso...@lavabit.com wrote:
>> The above two settings are sufficient to require encryption on every
>> connection. Note these settings are not appropriate for an
>> internet-facing server.
>
> I don't want to send passwords in clear that's what I'm trying to
> accomplish. I think that I'm mixing SMTP AUTH with SMTP.
>
> What should I tweak to prevent unencrypted authentication?

You didn't mention if you're asking about server AUTH -- clients authenticating to relay through your postfix server, or client AUTH -- using the postfix client to authenticate mail sent through a relayhost.

For server AUTH set "smtpd_tls_security_level = may" and "smtpd_tls_auth_only = yes" to require encryption when an outside client wants to authenticate. smtp_tls_security_level can be set to either "none" or "may". See http://www.postfix.org/SASL_README.html for details.

If you're using the postfix client to authenticate when sending mail to a relayhost, use smtp_tls_policy_maps to require encryption to your relayhost.
http://www.postfix.org/TLS_README.html#client_tls_policy

  -- Noel Jones
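
A way to verify the server-side settings from the reply above, added here as an example that is not part of the original thread: with "smtpd_tls_auth_only = yes" the server should list AUTH in its EHLO reply only after STARTTLS. The function names and the host given on the command line are assumptions for illustration; run it against a server you operate.

```python
import smtplib
import ssl
import sys

def auth_mechanisms(ehlo_text):
    """Return the SASL mechanisms advertised in an EHLO reply, sorted."""
    mechs = set()
    for line in ehlo_text.splitlines():
        # Accept raw reply lines ("250-AUTH PLAIN") and smtplib's stripped form ("AUTH PLAIN").
        if line[:3].isdigit() and line[3:4] in ("-", " "):
            line = line[4:]
        # "AUTH=PLAIN LOGIN" is a legacy spelling some servers send as well.
        words = line.replace("=", " ").split()
        if words and words[0].upper() == "AUTH":
            mechs.update(w.upper() for w in words[1:])
    return sorted(mechs)

def verdict(plain_ehlo, tls_ehlo):
    """Classify a server from its EHLO reply before and after STARTTLS.

    tls_ehlo is None when the server did not offer STARTTLS.
    """
    before = auth_mechanisms(plain_ehlo)
    if before:
        return ("FAIL", before)  # AUTH is offered on the unencrypted connection
    if tls_ehlo is None:
        return ("NO-STARTTLS", [])
    after = auth_mechanisms(tls_ehlo)
    return ("OK", after) if after else ("NO-AUTH", [])

def probe(host, port=25, timeout=10):
    """Connect to the given server and return verdict() for it."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        plain = s.ehlo_resp.decode("ascii", "replace")
        if not s.has_extn("starttls"):
            return verdict(plain, None)
        # The default context verifies the certificate against `host`.
        s.starttls(context=ssl.create_default_context())
        s.ehlo()  # capabilities must be re-read after the TLS handshake
        return verdict(plain, s.ehlo_resp.decode("ascii", "replace"))

if __name__ == "__main__":
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    status, mechs = probe(sys.argv[1], port)
    print(status, " ".join(mechs))
    sys.exit(0 if status == "OK" else 1)
```

A result of FAIL means the server still announces AUTH in cleartext, which is the condition the original poster wanted to rule out.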