Loading ...
Sorry, an error occurred while loading the content.

294327Re: sasl on smtps: allowing plaintext

Expand Messages
  • Vincent Pelletier
    Jul 17, 2013
    • 0 Attachment
      On Wed, 17 Jul 2013 13:37:53 +0000, Viktor Dukhovni
      <postfix-users@...> wrote:
      > The suggestion is I believe to use smtp_tls_policy_maps to ensure
      > that TLS is used for destinations where you will be using plaintext
      > authentication.

      Thanks, I think I understand now:
      main.cf (or a few -o in master.cf's submission service):
      smtp_sasl_security_options = noanonymous
      smtp_tls_security_level = must
      smtp_tls_policy_maps = hash:blah

      [] none

      This is indeed closer to the mental picture I had of the solution
      (host-based lookup), but I didn't notice the need for a laxist
      smtp_sasl_security_options value.

      I've the idea to someday move my postfix setup to a server also sending
      & receiving mails for its own domain. Is it a bad idea (error-prone)
      to mix both of those use cases on a single postfix, generally speaking ?

      If I understand correctly, a setup with both roles would need your
      initial suggestion (which I setup successfully before noticing the
      second reply).

      Vincent Pelletier
    • Show all 7 messages in this topic