On Tue, Apr 08, 2014 at 07:46:43AM +0000, Viktor Dukhovni wrote:

> No, TLS encryption is not available between the SMTP server and
> the pre-queue proxy filter. To use TLS for content inspection the
> only option is the post-queue content_filter. If filtering needs
> to happen before the client disconnects, I'm afraid TLS is not
> possible.

One could of course use stunnel (verify level >= 3 for actual MITM
protection) or IPsec, ... to create an encrypted channel between
the two end-points. It would also be possible to write an SMTP
proxy that encapsulates cleartext SMTP sessions via STARTTLS (thus
avoiding the need for additional configuration to terminate an
IPsec or stunnel on the remote side).

--
	Viktor.
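
The stunnel option mentioned above, sketched as a pair of configurations. This is an added example, not part of the original message; the host name, ports, service names and file paths are assumptions, and each side is assumed to pin the other's self-signed certificate.

```ini
; ---- stunnel.conf on the Postfix host (TLS client side) ----
; Postfix keeps speaking cleartext SMTP to a loopback port, e.g. in main.cf:
;   smtpd_proxy_filter = 127.0.0.1:10025
; stunnel accepts that connection and carries it over TLS to the filter host.
[proxy-filter-out]
client  = yes
accept  = 127.0.0.1:10025
; filter.example.com:10026 is a placeholder for the remote stunnel endpoint
connect = filter.example.com:10026
; verify = 3: the peer certificate must match one installed locally.
; Lower levels do not pin the peer, which is why the message above asks
; for level >= 3 to get actual MITM protection.
verify  = 3
; CAfile holds the filter host's certificate (self-signed in this sketch)
CAfile  = /etc/stunnel/filter-peer.pem
; Client certificate so the filter side can authenticate this MTA in turn
cert    = /etc/stunnel/mta-cert.pem
key     = /etc/stunnel/mta-key.pem

; ---- stunnel.conf on the filter host (TLS server side) ----
; Terminates TLS and hands cleartext SMTP to the filter on loopback.
[proxy-filter-in]
accept  = 10026
connect = 127.0.0.1:10025
cert    = /etc/stunnel/filter-cert.pem
key     = /etc/stunnel/filter-key.pem
; Accept only the MTA whose certificate is installed here
verify  = 3
CAfile  = /etc/stunnel/mta-peer.pem
```

With both sides at verify level 3, a connection from any host that cannot present the pinned certificate fails during the TLS handshake, before any SMTP content reaches the filter.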