Re: SMTP: Reject unencrypted connections
- On 10/31/2012 4:46 PM, thorsopia@... wrote:
>> The above two settings are sufficient to require encryption on everyYou didn't mention if you're asking about server AUTH -- clients
>> connection. Note these settings are not appropriate for an
>> internet-facing server.
> I don't want to send passwords in clear that's what I'm trying to
> accomplish. I think that I'm mixing SMTP AUTH with SMTP.
> What should I tweak to prevent unencrypted authentication?
authenticating to relay through your postfix server, or client AUTH
-- using the postfix client to authenticate mail sent through a
For server AUTH set "smtpd_tls_security_level = may" and
"smtpd_tls_auth_only = yes" to require encryption when an outside
client want to authenticate. smtp_tls_secruity_level can be set to
either "none" or "may".
See http://www.postfix.org/SASL_README.html for details.
If you're using the postfix client to authenticate when sending mail
to a relayhost, use smtp_tls_policy_maps to require encryption to
-- Noel Jones