Loading ...
Sorry, an error occurred while loading the content.

Re: SMTP: Reject unencrypted connections

Expand Messages
  • Noel Jones
    ... You didn t mention if you re asking about server AUTH -- clients authenticating to relay through your postfix server, or client AUTH -- using the postfix
    Message 1 of 5 , Nov 1, 2012
    • 0 Attachment
      On 10/31/2012 4:46 PM, thorsopia@... wrote:
      >> The above two settings are sufficient to require encryption on every
      >> connection. Note these settings are not appropriate for an
      >> internet-facing server.
      >
      > I don't want to send passwords in clear that's what I'm trying to
      > accomplish. I think that I'm mixing SMTP AUTH with SMTP.
      >
      > What should I tweak to prevent unencrypted authentication?

      You didn't mention if you're asking about server AUTH -- clients
      authenticating to relay through your postfix server, or client AUTH
      -- using the postfix client to authenticate mail sent through a
      relayhost.

      For server AUTH set "smtpd_tls_security_level = may" and
      "smtpd_tls_auth_only = yes" to require encryption when an outside
      client want to authenticate. smtp_tls_secruity_level can be set to
      either "none" or "may".

      See http://www.postfix.org/SASL_README.html for details.

      If you're using the postfix client to authenticate when sending mail
      to a relayhost, use smtp_tls_policy_maps to require encryption to
      your relayhost.
      http://www.postfix.org/TLS_README.html#client_tls_policy



      -- Noel Jones
    Your message has been successfully submitted and would be delivered to recipients shortly.