Re: SMTPD TLS policy by Client IP ?
- On Thu, Oct 28, 2010 at 02:48:11PM -0500, Noel Jones wrote:
>> However for incoming mail it looks like
>> "smtpd_tls_security_level" it is all or none on enforcement of
>> Does such a control exist?
> You can use a check_client_access maps with "reject_plaintext_session"

Yep, put the IPs in a "cidr:" table, and off you go. This is only
a band-aid of course, TLS policy is up to the sender, a misconfigured
sender gateway can send the mail to the wrong place, with or without
Maintaining lists of peer IPs on which to enforce TLS is a pain, I
don't recommend this unless the IPs at the other end are also yours.
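
Added example, not part of the original message: one way to wire up the check_client_access / "cidr:" table approach described above. The file path and the documentation-range addresses are assumptions, and the server is assumed to already have its TLS certificate and key configured.

```conf
# Constructed example; the table path and client addresses are assumptions.

# --- /etc/postfix/main.cf ---
# Offer STARTTLS to every client without requiring it globally.
smtpd_tls_security_level = may

# Keep the default, so client restrictions are evaluated at RCPT TO,
# after the client has had the chance to issue STARTTLS. With "no",
# the check would run at connect time and reject before TLS can start.
smtpd_delay_reject = yes

smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/tls_required_clients.cidr

# --- /etc/postfix/tls_required_clients.cidr ---
# Peers that must use TLS. Rules are searched in order and the first
# match wins; clients that match nothing fall through to the remaining
# restrictions and may still deliver in plaintext.
192.0.2.25/32       reject_plaintext_session
198.51.100.0/24     reject_plaintext_session
2001:db8:25::/48    reject_plaintext_session

# cidr: tables are plain text and need no postmap build step, but they
# are read when smtpd starts, so run "postfix reload" after editing.
# Check a lookup before relying on it:
#   postmap -q 192.0.2.25 cidr:/etc/postfix/tls_required_clients.cidr
```

Plaintext sessions from listed clients are refused with plaintext_reject_code (default 450), so a peer that stops negotiating TLS defers and retries instead of bouncing. Watch the log for those rejections to notice a peer whose TLS has broken.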