I use the option speed_adjust so Postfix opens a new session to amavis in a proxy setup. I think Postfix should use STARTTLS even if the client doesn't use STARTTLS.

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On behalf of Viktor Dukhovni
Sent: Tuesday, 8 April 2014 18:40
To: postfix-users@postfix.org
Subject: Re: smtpd_proxy_filter TLS

On Tue, Apr 08, 2014 at 07:46:43AM +0000, Viktor Dukhovni wrote:

> No, TLS encryption is not available between the SMTP server and the
> pre-queue proxy filter. To use TLS for content inspection the only
> option is the post-queue content_filter. If filtering needs to happen
> before the client disconnects, I'm afraid TLS is not possible.

One could of course use stunnel (verify level >= 3 for actual MITM protection) or IPsec, ... to create an encrypted channel between the two end-points. It would also be possible to write an SMTP proxy that encapsulates cleartext SMTP sessions via STARTTLS (thus avoiding the need for additional configuration to terminate an IPsec or stunnel on the remote side).

-- 
Viktor.
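
The stunnel option mentioned in the thread, sketched as an added example that is not part of the original messages: a stunnel client on the Postfix host and a stunnel server on the filter host, each pinning the other's certificate with `verify = 3`. The host name, file paths, section names and ports (10024 for amavis, 10025 and 10026 for the tunnel ends) are assumptions chosen for illustration.

```ini
; ---------------------------------------------------------------
; Postfix host: stunnel client (file path and names are assumed)
; main.cf on this host would point the pre-queue filter at the
; local tunnel entrance:  smtpd_proxy_filter = 127.0.0.1:10025
; ---------------------------------------------------------------
[amavis-out]
client  = yes
; Postfix connects here in cleartext, loopback only
accept  = 127.0.0.1:10025
; TLS-wrapped connection to the filter host (constructed host name)
connect = filter.example.com:10026
; this end's own certificate and key, presented to the filter host
cert    = /etc/stunnel/postfix-host.pem
key     = /etc/stunnel/postfix-host.key
; verify = 3: the peer certificate must match a locally installed
; copy, so CAfile holds the filter host's certificate itself
CAfile  = /etc/stunnel/filter-host-cert.pem
verify  = 3

; ---------------------------------------------------------------
; Filter host: stunnel server in front of amavis (separate file)
; ---------------------------------------------------------------
[amavis-in]
; TLS listener reachable from the Postfix host
accept  = 10026
; cleartext hand-off to amavis on loopback
connect = 127.0.0.1:10024
cert    = /etc/stunnel/filter-host.pem
key     = /etc/stunnel/filter-host.key
; require and pin the Postfix host's client certificate
CAfile  = /etc/stunnel/postfix-host-cert.pem
verify  = 3
```

With a lower verify level on either side the channel is still encrypted, but a peer holding any certificate that chains to a trusted CA (or, with no verification, any certificate at all) would be accepted, which is the MITM gap the "verify level >= 3" remark refers to.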