On Thu, Nov 26, 2009 at 05:02:33AM -0800, Harakiri wrote:

> I have a filter which does some things to outgoing mail, now I would
> like to check if this mail will possibly be sent using TLS (config is,
> try TLS if available, if not just send plain).

What will you do differently if the remote server supports STARTTLS?

What will you do if some of the MX hosts for the destination support
STARTTLS and some don't? How much effort do you want to expend to
discover this? What about MX hosts behind load balancers, with only
some supporting TLS (probably a misconfiguration on the remote side,
but not unprecedented)?

> Is there a tool (except openssl) from Postfix to verify whether a
> message could be sent via TLS to a host? I like to save a status
> for each message in a log file I already created.

What's wrong with "openssl s_client -starttls smtp -connect host:25"?

I have an unreleased utility to probe the TLS support of remote TLS
servers, but it is NOT intended for use during message delivery or
by content filters. Rather, the purpose is to determine the available
security options for a TLS policy entry for the destination.

    - Is TLS available at all
    - What ciphers
    - What certificate issuer(s), subject CN and altNames.

Unfortunately, some code refactoring in the Postfix SMTP client is
needed to make the utility a more organic fit with the Postfix code,
so it is fit for public release.

Even then, using it in the way you seem to propose would be a mistake.
What problem are you actually trying to solve?

-- 
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

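The mixed-MX case raised in the reply above, as an added example that is not part of the original message and is not the unreleased utility it mentions: it records which MX hosts of a destination advertise STARTTLS and proposes a TLS policy level only when all of them do. The host names, the sample EHLO replies and the `suggest_level` heuristic are assumptions of this example.

```python
import smtplib
import ssl

def ehlo_keywords(reply):
    """ESMTP keywords from a raw EHLO reply such as '250-STARTTLS'."""
    lines = reply.splitlines()[1:]            # first line is the server greeting
    return {l[4:].split()[0].upper() for l in lines if l[:3] == "250" and l[4:].strip()}

def probe(host, timeout=15.0):
    """Live check of one MX host on port 25; returns what it offered."""
    result = {"starttls": False, "protocol": None, "cipher": None, "error": None}
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                # inventory only: record what is offered,
    ctx.verify_mode = ssl.CERT_NONE           # certificate checks belong to the policy
    try:
        with smtplib.SMTP(host, 25, timeout=timeout) as smtp:
            smtp.ehlo()
            if smtp.has_extn("starttls"):
                smtp.starttls(context=ctx)
                result["cipher"], result["protocol"], _ = smtp.sock.cipher()
                result["starttls"] = True
    except (OSError, smtplib.SMTPException) as exc:
        result["error"] = str(exc)
    return result

def coverage(offers):
    """'all', 'some' or 'none' given {mx_host: offers_starttls}."""
    if offers and all(offers.values()):
        return "all"
    return "some" if any(offers.values()) else "none"

def suggest_level(offers):
    """Heuristic of this example: enforce encryption only when every MX offers it."""
    return "encrypt" if coverage(offers) == "all" else "may"

# Constructed EHLO replies for two MX hosts of one destination (not real servers).
SAMPLE_REPLIES = {
    "mx1.example.net": "250-mx1.example.net\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME",
    "mx2.example.net": "250-mx2.example.net\r\n250-SIZE 10240000\r\n250 8BITMIME",
}

def sample_offers():
    """Per-host STARTTLS flags derived from the constructed replies."""
    return {h: "STARTTLS" in ehlo_keywords(r) for h, r in SAMPLE_REPLIES.items()}

if __name__ == "__main__":
    offers = sample_offers()
    print(offers, coverage(offers), suggest_level(offers))
```

For a live inventory, call `probe()` once per MX host and feed the `starttls` flags into `coverage()`; a host whose probe ends in an error counts as not offering TLS.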