On Sun, Feb 10, 2013 at 09:22:34PM +0100, we...@zackbummfertig.de wrote:

> When I set in main.cf:
>
> smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
>
> and in
>
> /etc/postfix/tls_policy:
>
> example.com encrypt
>
> Will then every mail leaving my server to example.com be required
> to use TLS?
Yes, but without validation of the peer certificate. Thus you get
protection from passive eavesdropping, but not active man-in-the-middle
attacks (on TLS).

> And when I set in the same map
>
> example.net verify
>
> Every incoming mail is checked if the cert is signed by the CA,
> that I have stored in the CA_path ?

No. The policy table as documented applies only to outgoing mail.

Also the "verify" security level is not immune to MITM attacks that
return forged DNS responses. To avoid all MITM attacks, use "secure",
not "verify", provided the destination's SMTP servers have suitable
certificates. Often you need to explicitly provide non-default "match"
parameters along with the "secure" policy. Once you do so, the "verify"
and "secure" levels become identical; they only differ in their default
match policies.

All of this is explained in

    http://www.postfix.org/TLS_README.html#client_tls_limits
    http://www.postfix.org/TLS_README.html#client_tls_levels
    http://www.postfix.org/TLS_README.html#client_tls_verify
    http://www.postfix.org/TLS_README.html#client_tls_secure
    http://www.postfix.org/TLS_README.html#client_tls_policy

-- 
	Viktor.
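As an added illustration of the point above (this is not Viktor's code nor part of Postfix), a small lint that reads an smtp_tls_policy_maps source file and classifies each destination by what its level and effective "match" set actually protect against. It encodes the documented defaults (verify matches "hostname", secure matches "nexthop" and "dot-nexthop"); the destinations in the sample are constructed.

```python
# Added example, not from the thread or the Postfix project: lint a Postfix
# tls_policy source file for MITM exposure. Policy-table "match=" values are
# ":"-separated, as in postconf(5); main.cf's own match settings are not parsed.

DEFAULT_MATCH = {"verify": ["hostname"], "secure": ["nexthop", "dot-nexthop"]}

def parse_policy(text):
    """Parse 'destination level [attr=value ...]' lines into dicts."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # Postfix tables: '#' only at line start
            continue
        fields = line.split()
        if len(fields) < 2:                     # malformed; postmap would reject it
            continue
        attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        entries.append({"dest": fields[0], "level": fields[1].lower(), "attrs": attrs})
    return entries

def effective_match(entry):
    """Explicit match= wins; otherwise the documented default for the level."""
    explicit = entry["attrs"].get("match")
    if explicit:
        return explicit.split(":")
    return DEFAULT_MATCH.get(entry["level"], [])

def assess(entry):
    level = entry["level"]
    if level in ("none", "may"):
        return "cleartext-or-opportunistic"   # TLS not guaranteed at all
    if level == "encrypt":
        return "eavesdropping-only"           # TLS required, peer cert unchecked
    if level in ("verify", "secure"):
        # "hostname" matches the MX name learned from unsigned DNS, so a
        # forged DNS answer lets an attacker present a matching certificate.
        if "hostname" in effective_match(entry):
            return "dns-spoofable"
        return "mitm-resistant"
    return "unhandled"                        # fingerprint/dane left out of scope

def lint(text):
    return {e["dest"]: assess(e) for e in parse_policy(text)}

SAMPLE = """\
# constructed sample tls_policy mirroring the thread
example.com        encrypt
example.net        verify
example.org        verify  match=example.org:.example.org
mail.example       secure
spoofable.example  secure  match=hostname
"""

if __name__ == "__main__":
    for dest, verdict in lint(SAMPLE).items():
        print(f"{dest:20} {verdict}")
```

Note that "verify" with an explicit domain match and "secure" with its default match land in the same class, which is the equivalence Viktor describes.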