That's what I do, it works perfectly.
Thanks.
Le 25.10.2018 19:39, Wietse Venema a écrit :
Thomas Bourdon:
Hi,
First of all, I apologize for my bad english.
I use postfix-3.3.1 and openssl-1.0.2.
Actual ssl config : tlsv1.0 minimum is set for smtp and smtpd. tlsv1.2
minimum is set for submission/starttls.
My goal : All auth connections must be done with tlsv1.2 minimum.
Others
connections can be done with tlsv1.0 minimum.
If I use tlsv1.2 minimum everywhere, I can't send/receive mail to/from
mail provider still using tlsv1.0 so I had to set tlsv1.0 minimum. But
I
want to allow auth connections from users of my smtp/imap server with
tlsv1.2 minimum.
I already set up tlsv1.2 minimum for submission/starttls. I thought
about disable auth connection using 465 port but I don't want to force
my users to strictly use starttls.
Is there a way to allow tlsv1.0 minimum for unauth connection and
allow
tlsv1.2 minimum for auth connection on port 465 ?
Usually, AUTH is done on the submission or smtps ports, and non-AUTH
on port 25. If you want different TLS policies for different inbound
SMTP connections, you can specify different settings in master.cf.
Wietse
--
Thomas Bourdon
