Hello,
I have a problem with the configuration of Postfix. I use Postfix as a
smarthost with an external relay server. The problem is that the
SMTP connection to the relay is not encrypted with TLS. I use
"smtp_tls_security_level = fingerprint" to prevent a man-in-the-middle attack.
The administrator of the relay server says that the POP3 connection with
fetchmail is secured with TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256
bits) zlib compression. But there is no security or encryption with the SMTP. I have
no idea what the problem is ... Can you help me? My configuration is the
following:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
default_database_type = hash
myhostname = myhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = myhost, localhost.localdomain, localhost, 127.0.0.1,
    192.168.1.22
relayhost = relay.domain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, 192.168.1.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_tls_cert_file = /etc/ssl/private/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_security_level = may
smtp_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_session_cache_database = hash:${data_directory}/smtpd_scache
smtp_tls_security_level = fingerprint
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_fingerprint_digest = md5
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtpd_tls_session_cache_database = hash:${data_directory}/smtpd_scache
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sender_dependent_authentication = yes
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent
mailbox_command = /usr/lib/dovecot/deliver
message_size_limit = 104857600
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_unauth_destination,
    permit_tls_clientcerts
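
Added example, not part of the original post: a small Python check that parses the client-side (smtp_*) TLS settings shown above and lists the points to verify when mail to the relay leaves without TLS. The finding labels are hypothetical names, and the embedded sample is a constructed excerpt of the posted configuration.

```python
# Constructed excerpt of the outbound (smtp_*) settings from the post above.
SAMPLE_MAIN_CF = """\
relayhost = relay.domain.com
smtp_tls_mandatory_ciphers = high
smtp_tls_security_level = fingerprint
smtp_tls_mandatory_ciphers = high
smtp_tls_fingerprint_digest = md5
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent
"""

def parse_main_cf(text):
    """Return (params, duplicates). Indented lines continue the previous parameter."""
    params, dups, name = {}, [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                        # blank line or comment
        if raw[0].isspace() and name:
            params[name] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        name = name.strip()
        if name in params:
            dups.append(name)               # Postfix keeps only the last definition
        params[name] = value.strip()
    return params, dups

def audit_smtp_client_tls(text):
    """List findings (hypothetical labels) for the outbound TLS settings."""
    params, dups = parse_main_cf(text)
    findings = ["duplicate:" + n for n in dups]
    if (params.get("smtp_tls_security_level") == "fingerprint"
            and not params.get("smtp_tls_fingerprint_cert_match")):
        # The pinned fingerprints must then come from a match= attribute
        # in the TLS policy table.
        findings.append("no-fingerprint-in-main.cf")
    if params.get("smtp_tls_fingerprint_digest") == "md5":
        findings.append("weak-fingerprint-digest")
    if params.get("smtp_tls_policy_maps"):
        # A policy-table entry for the next hop overrides smtp_tls_security_level.
        findings.append("policy-map-overrides-level")
    if params.get("sender_dependent_relayhost_maps"):
        # The next hop, and so the policy lookup key, can differ per sender.
        findings.append("relayhost-may-differ-per-sender")
    return findings

if __name__ == "__main__":
    for finding in audit_smtp_client_tls(SAMPLE_MAIN_CF):
        print(finding)
```

With smtp_tls_loglevel = 1 already set, the mail log line for each delivery to the relay shows whether a TLS connection was established, which confirms or rules out each finding.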