Loading ...
Sorry, an error occurred while loading the content.

smtp_tls_security_level = may combined wit smtp_tls_policy_maps.

Expand Messages
  • Robert Schetterer
    Hi, if i use smtp_tls_security_level = may is smtp_tls_policy_maps honored ? background , i want all outgoing mail encrypt if possible with fallback to plain (
    Message 1 of 6 , Mar 15, 2013
    • 0 Attachment
      Hi,

      if i use

      smtp_tls_security_level = may

      is

      smtp_tls_policy_maps honored ?

      background , i want all outgoing mail encrypt if possible with fallback
      to plain ( this should be "may" )

      but to special domains in

      smtp_tls_policy_maps

      i want them always encrypt, with no fallback to plain ( mail should stay
      in queue

      when i read docs on smtp_tls_security_level
      it looks like i have to use

      smtp_tls_security_level = none
      for honor smtp_tls_policy_maps


      Best Regards
      MfG Robert Schetterer

      --
      [*] sys4 AG

      http://sys4.de, +49 (89) 30 90 46 64
      Franziskanerstraße 15, 81669 München

      Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
      Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
      Aufsichtsratsvorsitzender: Joerg Heidrich
    • Robert Schetterer
      ... looks like that should work like needed http://www.postfix.org/TLS_README.html ... You can enable opportunistic TLS just for selected destinations. With
      Message 2 of 6 , Mar 15, 2013
      • 0 Attachment
        Am 15.03.2013 10:34, schrieb Robert Schetterer:
        > Hi,
        >
        > if i use
        >
        > smtp_tls_security_level = may
        >
        > is
        >
        > smtp_tls_policy_maps honored ?
        >
        > background , i want all outgoing mail encrypt if possible with fallback
        > to plain ( this should be "may" )
        >
        > but to special domains in
        >
        > smtp_tls_policy_maps
        >
        > i want them always encrypt, with no fallback to plain ( mail should stay
        > in queue


        looks like that should work like needed

        http://www.postfix.org/TLS_README.html

        ...
        You can enable opportunistic TLS just for selected destinations. With
        the Postfix TLS policy table, specify the "may" security level
        ...

        someone to verify that ?

        >
        > when i read docs on smtp_tls_security_level
        > it looks like i have to use
        >
        > smtp_tls_security_level = none
        > for honor smtp_tls_policy_maps
        >
        >
        > Best Regards
        > MfG Robert Schetterer
        >



        Best Regards
        MfG Robert Schetterer

        --
        [*] sys4 AG

        http://sys4.de, +49 (89) 30 90 46 64
        Franziskanerstraße 15, 81669 München

        Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
        Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
        Aufsichtsratsvorsitzender: Joerg Heidrich
      • Wietse Venema
        ... As a general rule, per-destination SMTP/TLS policy lookup results override main.cf (and master.cf) settings. You enable smtp_tls_policy_maps lookups by
        Message 3 of 6 , Mar 15, 2013
        • 0 Attachment
          Robert Schetterer:
          > Hi,
          >
          > if i use
          >
          > smtp_tls_security_level = may
          >
          > is
          >
          > smtp_tls_policy_maps honored ?

          As a general rule, per-destination SMTP/TLS policy lookup results
          override main.cf (and master.cf) settings.

          You enable smtp_tls_policy_maps lookups by specifying a non-empty
          value (there appears to be no other way to turn this off).

          Wietse
        • Robert Schetterer
          ... Hi Wietse, i set smtp_tls_security_level = may and smtp_tls_policy_maps = hash:/etc/postfix/tls_policy with /etc/postfix/tls_policy example.com encrypt so
          Message 4 of 6 , Mar 15, 2013
          • 0 Attachment
            Am 15.03.2013 13:11, schrieb Wietse Venema:
            > Robert Schetterer:
            >> Hi,
            >>
            >> if i use
            >>
            >> smtp_tls_security_level = may
            >>
            >> is
            >>
            >> smtp_tls_policy_maps honored ?
            >
            > As a general rule, per-destination SMTP/TLS policy lookup results
            > override main.cf (and master.cf) settings.
            >
            > You enable smtp_tls_policy_maps lookups by specifying a non-empty
            > value (there appears to be no other way to turn this off).
            >
            > Wietse
            >

            Hi Wietse, i set

            smtp_tls_security_level = may

            and

            smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

            with

            /etc/postfix/tls_policy

            example.com encrypt

            so it should goal

            encrypt ,if possible ,with fallback to plain, for all destination

            but for example.com encrypt only ( no plain fallback )




            Best Regards
            MfG Robert Schetterer

            --
            [*] sys4 AG

            http://sys4.de, +49 (89) 30 90 46 64
            Franziskanerstraße 15, 81669 München

            Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
            Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
            Aufsichtsratsvorsitzender: Joerg Heidrich
          • Wietse Venema
            ... That is what I mean with smtp_tls_policy_maps overrides main.cf (and master.cf) . Wietse
            Message 5 of 6 , Mar 15, 2013
            • 0 Attachment
              Robert Schetterer:
              > Am 15.03.2013 13:11, schrieb Wietse Venema:
              > > Robert Schetterer:
              > >> Hi,
              > >>
              > >> if i use
              > >>
              > >> smtp_tls_security_level = may
              > >>
              > >> is
              > >>
              > >> smtp_tls_policy_maps honored ?
              > >
              > > As a general rule, per-destination SMTP/TLS policy lookup results
              > > override main.cf (and master.cf) settings.
              > >
              > > You enable smtp_tls_policy_maps lookups by specifying a non-empty
              > > value (there appears to be no other way to turn this off).
              >
              > Hi Wietse, i set
              >
              > smtp_tls_security_level = may
              >
              > and
              >
              > smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
              >
              > with
              >
              > /etc/postfix/tls_policy
              >
              > example.com encrypt
              >
              > so it should goal
              >
              > encrypt ,if possible ,with fallback to plain, for all destination
              >
              > but for example.com encrypt only ( no plain fallback )

              That is what I mean with "smtp_tls_policy_maps overrides main.cf
              (and master.cf)".

              Wietse
            • Robert Schetterer
              ... so it works like it should , thx Wietse Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15,
              Message 6 of 6 , Mar 15, 2013
              • 0 Attachment
                Am 15.03.2013 15:06, schrieb Wietse Venema:
                > Robert Schetterer:
                >> Am 15.03.2013 13:11, schrieb Wietse Venema:
                >>> Robert Schetterer:
                >>>> Hi,
                >>>>
                >>>> if i use
                >>>>
                >>>> smtp_tls_security_level = may
                >>>>
                >>>> is
                >>>>
                >>>> smtp_tls_policy_maps honored ?
                >>>
                >>> As a general rule, per-destination SMTP/TLS policy lookup results
                >>> override main.cf (and master.cf) settings.
                >>>
                >>> You enable smtp_tls_policy_maps lookups by specifying a non-empty
                >>> value (there appears to be no other way to turn this off).
                >>
                >> Hi Wietse, i set
                >>
                >> smtp_tls_security_level = may
                >>
                >> and
                >>
                >> smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
                >>
                >> with
                >>
                >> /etc/postfix/tls_policy
                >>
                >> example.com encrypt
                >>
                >> so it should goal
                >>
                >> encrypt ,if possible ,with fallback to plain, for all destination
                >>
                >> but for example.com encrypt only ( no plain fallback )
                >
                > That is what I mean with "smtp_tls_policy_maps overrides main.cf
                > (and master.cf)".
                >
                > Wietse
                >

                so it works like it should , thx Wietse


                Best Regards
                MfG Robert Schetterer

                --
                [*] sys4 AG

                http://sys4.de, +49 (89) 30 90 46 64
                Franziskanerstraße 15, 81669 München

                Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
                Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
                Aufsichtsratsvorsitzender: Joerg Heidrich
              Your message has been successfully submitted and would be delivered to recipients shortly.