
291497 Enforced TLS per MX

  • Jan P. Kessler
    Feb 22, 2013
      Dear list,

      we are trying to establish enforced TLS with a partner that hosts about
      2000 recipient domains. All of these point to the same four MX records:


      As I did not want to specify all of these domains in our tls_policy
      file, I wanted to ask if there is any option to enforce TLS by those MX

      I already tried to set up a new instance with the setting
      "smtp_tls_security_level=encrypt" at port 26. On the main instance I
      have set up a restriction that redirects all mails to the partner's MX
      by the following configuration:


      /^host[1-4]\.example\.com$/ FILTER smtp:[localhost]:26

      Unfortunately this does not work as expected for multi-recipient mails,
      because the FILTER action affects all recipients (even those to other MX

      recipient1@... --> OK
      recipient2@... --> Fails, because the MX for example.net
      does not offer TLS

      So: Does anybody see a chance to enforce TLS with our partner without
      the requirement to configure all of their recipient domains in the
      tls_policy file?

      Best regards, Jan
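
If the per-domain tls_policy route is taken after all, the table can be generated from MX lookups instead of being maintained by hand. The sketch below is an added example, not part of the original post or of Postfix; the domain names and MX data are constructed, and the helper names (`normalise`, `classify`, `tls_policy_lines`) are hypothetical. It enforces `encrypt` only for domains whose every MX matches the partner pattern and sets aside domains with mixed MX sets for manual review.

```python
import re

# Constructed sample: recipient domain -> MX hostnames as a resolver would
# return them (preference values stripped). Not real data.
SAMPLE_MX = {
    "customer-a.example": ["host1.example.com.", "host2.example.com."],
    "Customer-B.example": ["HOST3.example.com.", "host4.example.com"],
    "mixed.example": ["host1.example.com.", "mx.other.example."],
    "example.net": ["mail.example.net."],
    "nomx.example": [],
}

# The partner MX pattern from the post, with every dot escaped.
PARTNER_MX = re.compile(r"^host[1-4]\.example\.com$")


def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def classify(mx_by_domain, pattern=PARTNER_MX):
    """Split domains into (enforce, review).

    enforce: every MX matches the partner pattern, so 'encrypt' is safe.
    review:  only some MXs match; enforcing TLS for the domain would also
             bind the non-partner MX, so a human should decide.
    """
    enforce, review = [], []
    for domain, hosts in mx_by_domain.items():
        hits = [bool(pattern.match(normalise(h))) for h in hosts]
        if hits and all(hits):
            enforce.append(normalise(domain))
        elif any(hits):
            review.append(normalise(domain))
    return sorted(enforce), sorted(review)


def tls_policy_lines(mx_by_domain):
    """Render tls_policy entries (one 'domain encrypt' line per domain)."""
    enforce, _ = classify(mx_by_domain)
    return [f"{d}\tencrypt" for d in enforce]


if __name__ == "__main__":
    print("\n".join(tls_policy_lines(SAMPLE_MX)))
    print("# review:", ", ".join(classify(SAMPLE_MX)[1]))
```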