Re: force smtp tls from certain senders
On Wed, Jun 02, 2010 at 07:15:15AM -0700, m listus wrote:
> I need to tell postfix to force smtp only for certain senders.

This is up to the senders. If they want to disclose the data, they'll
post it on slashdot, without talking to your SMTP server...

There is not much point in MX hosts, enforcing TLS inbound based on
envelope sender address, this breaks legitimate forwarding scenarios, ...

What can work, is enforcement from a particular set of SMTP client
IPs, but this is a pain to maintain...

If you want MITM protection, you can't force the remote client to
check your certificates correctly!

> I read http://www.postfix.org/TLS_README.html which helps me get tls
> running w/ postfix, plus "Client TLS limitations".

Perhaps you did not fully appreciate the point: TLS security is up to

> I'm thinking of using smtpd with smtpd_tls_wrappermode=yes on a different port. But my main problem is stopping those senders from using the regular smtp.
> Any ideas on how to best achieve this.

Let the sender secure the data transmission to you. If they don't take
the appropriate steps, you can't unilaterally make the channel secure.
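
The per-client-IP enforcement mentioned in the reply, sketched as Postfix configuration. This is an added example, not part of the original thread; the table path and the address ranges (documentation prefixes) are assumptions.

```cfg
# --- /etc/postfix/main.cf (fragment) ---
# Offer STARTTLS to every client, but do not require it globally,
# so ordinary Internet mail is still accepted in plaintext.
smtpd_tls_security_level = may

# Evaluate the client check at RCPT TO time, after the client has had
# the chance to issue STARTTLS. The table only ever returns
# reject_plaintext_session or no match, so listing it first cannot
# turn the server into an open relay.
smtpd_recipient_restrictions =
    check_client_access cidr:/etc/postfix/tls_required_clients,
    permit_mynetworks,
    reject_unauth_destination

# --- /etc/postfix/tls_required_clients (hypothetical path) ---
# One line per partner network that must use TLS. A matching client
# that did not negotiate TLS is refused with plaintext_reject_code
# (450 by default); clients not listed here are unaffected.
192.0.2.0/24      reject_plaintext_session
198.51.100.17/32  reject_plaintext_session
2001:db8::/32     reject_plaintext_session
```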