On Thu, Sep 24, 2015 at 02:14:47PM +0200, lst_ho...@kwsoft.de wrote:
> >How to enforce postfix not to send the email incase the receipt
> >certificate is untrusted or self signed?
>
> You will need "verify" level for this :
> http://www.postfix.org/TLS_README.html#client_tls_verify
The default hostname matching policy in the "verify" level is
vulnerable to MiTM attacks that modify the MX records of the
nexthop domain. This is addressed in the "secure" level.
http://www.postfix.org/TLS_README.html#client_tls_secure
the two levels are otherwise identical, if you explicitly configure
"match=" in the policy table, or smtp_tls_{verify,secure}_cert_match
then it does not matter which level you choose. What matters is
whether or not you elect to trust hostnames obtained from insecure
MX lookups.
--
Viktor.
