Thomas Bourdon:
> Hi,
>
> First of all, I apologize for my bad English.
>
> I use postfix-3.3.1 and openssl-1.0.2.
>
> Actual ssl config: tlsv1.0 minimum is set for smtp and smtpd. tlsv1.2
> minimum is set for submission/starttls.
>
> My goal: All auth connections must be done with tlsv1.2 minimum. Other
> connections can be done with tlsv1.0 minimum.
>
> If I use tlsv1.2 minimum everywhere, I can't send/receive mail to/from
> mail providers still using tlsv1.0, so I had to set tlsv1.0 minimum. But I
> want to allow auth connections from users of my smtp/imap server with
> tlsv1.2 minimum.
>
> I already set up tlsv1.2 minimum for submission/starttls. I thought
> about disabling auth connections using port 465 but I don't want to force
> my users to strictly use starttls.
>
> Is there a way to allow tlsv1.0 minimum for unauth connections and allow
> tlsv1.2 minimum for auth connections on port 465?

Usually, AUTH is done on the submission or smtps ports, and non-AUTH on
port 25. If you want different TLS policies for different inbound SMTP
connections, you can specify different settings in master.cf.

	Wietse
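
Added example, not part of the thread: a small Python check of the per-service approach described in the reply. It merges constructed main.cf defaults with constructed master.cf `-o` overrides and lists services that offer AUTH while still accepting TLS below 1.2; the sample values and helper names are assumptions, and the `!proto` exclusion form is used because the question concerns Postfix 3.3.

```python
import re

# Constructed main.cf defaults: TLSv1.0 minimum everywhere, as in the question.
MAIN_CF = {"smtpd_tls_protocols": "!SSLv2,!SSLv3",
           "smtpd_tls_mandatory_protocols": "!SSLv2,!SSLv3",
           "smtpd_tls_security_level": "may", "smtpd_sasl_auth_enable": "no"}

# Constructed master.cf: per-service "-o" overrides. smtps is left weak on purpose.
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtps      inet  n  -  n  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]

def parse_services(text, defaults):
    """Map each service to its effective settings (main.cf defaults + -o overrides).
    Only the plain '-o name=value' form is handled, not '-o { name = value }'."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # a new service entry starts in column 1
            current = line.split()[0]
            services[current] = dict(defaults)
        for name, value in re.findall(r"-o\s+(\w+)=(\S+)", line):
            services[current][name] = value
    return services

def min_protocol(opts):
    """Lowest protocol version the service still accepts."""
    # Assumption: wrapper mode counts as enforced TLS, so the mandatory list applies.
    enforced = (opts["smtpd_tls_security_level"] == "encrypt"
                or opts.get("smtpd_tls_wrappermode") == "yes")
    key = "smtpd_tls_mandatory_protocols" if enforced else "smtpd_tls_protocols"
    excluded = {p[1:] for p in re.split(r"[,:\s]+", opts[key]) if p.startswith("!")}
    return next(p for p in ORDER if p not in excluded)

def weak_auth_services(text, defaults, required="TLSv1.2"):
    """Services that offer SASL AUTH but accept TLS below `required`."""
    return {name: min_protocol(o) for name, o in parse_services(text, defaults).items()
            if o["smtpd_sasl_auth_enable"] == "yes"
            and ORDER.index(min_protocol(o)) < ORDER.index(required)}

if __name__ == "__main__":
    print(weak_auth_services(MASTER_CF, MAIN_CF))
```

Giving the smtps entry the same `smtpd_tls_mandatory_protocols` override as submission clears the finding, while port 25 keeps the TLSv1.0 floor inherited from main.cf.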