On 17.08.22 17:04, Sam R wrote:
> I have several Postfix servers named MX, SMTP and MAIL on my dmz:
> MX is used to receive mails to our "@domain.fr" from Internet
> SMTP is used to send mails from "@domain.fr"
> MAIL is used as a storage server for "@domain.fr" mails
> However, I would like to be able to for example directly transmit a mail to
> "@domain.fr" from SMTP to MAIL without having to go out on the Internet.
> Both to redirect mails from "@domain.fr" users and also for example to send
> logwatch mails to a centralized address.
> Currently I use the following settings:
> transport_maps = hash:/etc/postfix/transport
> domain.fr smtp:[192.168.X.X]:465

can't you deliver it to 192.168.X.X using plaintext SMTP on port 25?

> This works but I get the following Postfix message:
> SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode =
> yes", and "smtp_tls_security_level = encrypt" (or stronger)
> If I put these additional settings,

which one, "encrypt" or stronger?

> it doesn't work anymore because the
> internal address of my servers doesn't match the certificate that is
> created with the external addresses (I have a handshake failure)
> So I am tempted to use this :
> smtp_tls_policy_maps=hash:/etc/postfix/tls_policy
> and in /etc/postfix/tls_policy :
> domain.fr none
> I think I can keep the encryption of the transmission between my servers,
> without doing any certificate verification.

this looks like you use a stronger setting than "encrypt"

> Does this seem correct to you? Or is there another method more suitable?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.
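
The lookup discussed in this thread, as an added example that is not part of the original messages and is not Postfix code: a simplified model of which TLS level the Postfix SMTP client ends up with for a `transport_maps` route. It relies on two documented Postfix behaviours: `smtp_tls_policy_maps` is searched with the next hop exactly as written in the transport table (brackets and port included), and level `none` means no TLS at all, while `encrypt` means mandatory TLS without certificate name checks. The function names and the `main_cf_level` parameter (standing for `smtp_tls_security_level` in main.cf) are assumptions of this sketch.

```python
# Added example: simplified model of Postfix SMTP client TLS policy selection.
TLS_MANDATORY = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}
NAME_CHECKED = {"verify", "secure"}  # levels that match the certificate name

def parse_map(text):
    """Parse 'key value' lines of a Postfix lookup table source file."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            table[parts[0]] = parts[1].strip()
    return table

def audit(transport_text, policy_text, main_cf_level):
    """Return one finding per transport entry (exact next-hop match only)."""
    policy = parse_map(policy_text)
    findings = []
    for domain, target in parse_map(transport_text).items():
        # "smtp:[host]:465" -> next hop "[host]:465"
        _, _, nexthop = target.partition(":")
        # The policy table is keyed by next hop, not by recipient domain.
        matched = nexthop in policy
        level = policy[nexthop].split()[0] if matched else main_cf_level
        findings.append({
            "domain": domain,
            "nexthop": nexthop,
            "policy_matched": matched,
            "level": level,
            "tls_disabled": level == "none",
            "tls_mandatory": level in TLS_MANDATORY,
            "name_checked": level in NAME_CHECKED,
            # Port 465 is implicit TLS: needs smtp_tls_wrappermode = yes.
            "needs_wrappermode": nexthop.endswith(":465"),
        })
    return findings

# Sample input built from the values quoted in the thread.
TRANSPORT = "domain.fr smtp:[192.168.X.X]:465\n"
POLICY_FROM_POST = "domain.fr none\n"
# Constructed alternative: keyed by next hop, encryption without name checks.
POLICY_BY_NEXTHOP = "[192.168.X.X]:465 encrypt\n"

if __name__ == "__main__":
    for label, pol in (("as posted", POLICY_FROM_POST),
                       ("keyed by next hop", POLICY_BY_NEXTHOP)):
        for finding in audit(TRANSPORT, pol, main_cf_level="may"):
            print(label, finding)
```

On a real server, `postmap -q '[192.168.X.X]:465' hash:/etc/postfix/tls_policy` shows whether the policy table returns anything for that next hop.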