Re: force smtp tls from certain senders

  • Victor Duchovni
    Message 1 of 3 , Jun 2, 2010
      On Wed, Jun 02, 2010 at 07:15:15AM -0700, m listus wrote:

      > I need to tell postfix to force smtp only for certain senders.

      This is up to the senders. If they want to disclose the data, they'll
      post it on slashdot, without talking to your SMTP server...

      There is not much point in MX hosts enforcing TLS inbound based on
      envelope sender address; this breaks legitimate forwarding scenarios, ...

      What can work is enforcement from a particular set of SMTP client
      IPs, but this is a pain to maintain...

      If you want MITM protection, you can't force the remote client to
      check your certificates correctly!

      > I read http://www.postfix.org/TLS_README.html which helps me get tls
      > running w/ postfix, plus "Client TLS limitations".

      Perhaps you did not fully appreciate the point: TLS security is up to
      the sender!

      > I'm thinking of using smtpd with smtpd_tls_wrappermode=yes on a different port. But my main problem is stopping those senders from using the regular smtp.
      >
      > Any ideas on how to best achieve this.

      Let the sender secure the data transmission to you. If they don't take
      the appropriate steps, you can't unilaterally make the channel secure.

      --
      Viktor.
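
Added example, not part of the original message or the Postfix documentation: a configuration sketch of the client-IP approach mentioned in the reply, using a CIDR access table that returns reject_plaintext_session for selected clients. The table path and the addresses (documentation ranges) are assumptions.

```conf
# ---------- /etc/postfix/main.cf ----------
# Offer STARTTLS to every client, but do not require it globally;
# a public MX that sets "encrypt" here loses mail from non-TLS senders.
# Server certificate and key are assumed to be configured already,
# as described in TLS_README.
smtpd_tls_security_level = may

# Keep the default so restrictions run at RCPT TO, after the client
# has had a chance to issue STARTTLS.
smtpd_delay_reject = yes

# Look up the connecting client's IP address. Listed clients get
# reject_plaintext_session; everyone else falls through unchanged.
smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/tls_required_clients.cidr

# ---------- /etc/postfix/tls_required_clients.cidr ----------
# Constructed sample entries: partner relays that must use TLS.
# Each result is a restriction name, evaluated for that client only.
192.0.2.0/24        reject_plaintext_session
198.51.100.25/32    reject_plaintext_session
2001:db8:25::/48    reject_plaintext_session
```

CIDR tables are read directly, so no postmap step is needed; run "postfix reload" after editing. Plaintext sessions from listed clients are refused with plaintext_reject_code (450 by default), and nothing here makes the client verify the server certificate, which is the limitation the reply points out.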