Victor Duchovni wrote, on 23-01-10 17:48:
> On Sat, Jan 23, 2010 at 05:31:47PM +0100, Jelle de Jong wrote:
> 
>> postconf -e 'smtp_tls_security_level = encrypt'
> 
> Is this SMTP client going to send all mail to a small set of TLS enabled
> relay hosts? Or are you choosing to not be able to send any email to
> the vast majority of domains whose MX hosts don't offer TLS?

The system is a satellite system that is only sending mail to one
secure mail server; the mail relay is only available for SMTP auth over
SSL. The hostname of the sender will fail every sane check if it sent
to other machines, because it has no fixed IP, and is behind a series
of NATs.

>> postconf -e 'smtp_tls_mandatory_protocols = !SSLv2, !TLSv1'
> 
> Why disable both SSLv2 and TLSv1?! Leave this setting at its default
> value, or disable just SSLv2. Does your client or server correctly handle
> SSLv3, but fail to interoperate via TLSv1?

Well, my server supports SSLv3 just fine, so I thought I'd disable
everything lower, and if better protocols come around Postfix will
update and will still be able to use the newer stuff since I did not
force it to only use SSLv3.

>> Hope that helps some people :)
> 
> And does not mislead too many. A tutorial needs to not only provide
> working settings, but also explain the use-case to which they apply
> and why the settings are the right ones to the use-case at hand.

All true; that said, the pointers I gave were not related to the above, and
the documentation handles these points quite well.

Best regards,

Jelle
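
An added example, not part of either poster's message: a small shell check that lists which protocols a `smtp_tls_mandatory_protocols` value leaves enabled, run on the two values discussed in this thread. The function names are hypothetical, the protocol set (SSLv2, SSLv3, TLSv1, oldest first) is an assumption matching the names used in the thread, and the parsing is a simplified model of Postfix's list syntax.

```shell
#!/bin/sh
# Assumption: protocol names known at the time of the thread, oldest first.
KNOWN_PROTOCOLS="SSLv2 SSLv3 TLSv1"

# remaining_protocols VALUE -> prints the protocols still allowed, oldest first.
remaining_protocols() {
    # Separators accepted in the list: whitespace, commas or colons.
    tokens=$(printf '%s' "$1" | tr ',:' '  ')
    include=""
    exclude=""
    for t in $tokens; do
        case $t in
            \!*) exclude="$exclude ${t#?}" ;;   # "!NAME" excludes NAME
            *)   include="$include $t" ;;       # bare NAME is an explicit inclusion
        esac
    done
    out=""
    for p in $KNOWN_PROTOCOLS; do
        # With an explicit inclusion list, only listed protocols are candidates.
        if [ -n "$include" ]; then
            case " $include " in *" $p "*) ;; *) continue ;; esac
        fi
        case " $exclude " in *" $p "*) continue ;; esac
        out="${out:+$out }$p"
    done
    printf '%s\n' "$out"
}

# audit_protocols VALUE -> prints a finding; returns 1 if the newest protocol is disabled.
audit_protocols() {
    left=$(remaining_protocols "$1")
    newest=${KNOWN_PROTOCOLS##* }
    case " $left " in
        *" $newest "*) printf 'ok: remaining: %s\n' "$left"; return 0 ;;
        *) printf 'WARN: newest protocol %s disabled; remaining: %s\n' \
               "$newest" "${left:-none}"; return 1 ;;
    esac
}

# Values from the thread: the posted setting, then the "disable just SSLv2" alternative.
audit_protocols '!SSLv2, !TLSv1' || true
audit_protocols '!SSLv2'
# On a live system: audit_protocols "$(postconf -h smtp_tls_mandatory_protocols)"
```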
