On 2/18/2016 8:46 AM, Jayesh Shinde wrote:
> Hi,
>
> I am using an SMTP relay server with CentOS 6.3,
> postfix-2.10.0-1.el6.x86_64 and TLS configuration.
> How to relay only a specific domain's email over TLS and all
> other email on port 25 as normal, i.e. without TLS?
>
> The requirement is :--
> ---------------------------
> 1) Send the outgoing emails to domain1.com only on TLS.
> 2) Send all other email on port 25, i.e. without TLS. The reason for
> this is to allow packet monitoring of all other outgoing emails
> with a 3rd party application.
>
> Changes made :--
> ----------------------
> For the 1st requirement, I made the below changes in main.cf. And by
> this, mail relay on TLS for domain1.com is working properly.
>
> transport_maps = hash:/etc/postfix/tls_enable_domain
> smtp_tls_policy_maps=hash:/etc/postfix/tls_policy
> smtp_use_tls = yes
>
> [root@smtp1 ~]# cat /etc/postfix/tls_enable_domain
> .domain1.com smtp:[mx1.domain1.com]
> domain1.com smtp:[mx1.domain1.com]
>
> [root@smtp1 ~]# cat /etc/postfix/tls_policy
> mx1.domain1.com secure match=mx1.domain1.com
>
> Problem :--
> --------------
> 1) By doing the above changes all other emails are also going out with
> TLS. And it's because of "smtp_use_tls = yes".
> Example: While sending email to Gmail.com it's getting relayed over
> TLS (header showing the same)
>
> 2) To address this I tried another method like below. But by
> this config emails are not getting delivered to domain1.com over TLS,
> whereas all other emails are getting delivered on port 25, i.e. without TLS
>
> In main.cf :--
> transport_maps = hash:/etc/postfix/tls_enable_domain
> smtp_tls_policy_maps=hash:/etc/postfix/tls_policy
> smtp_use_tls = no
>
> master.cf
> securetls unix - - n - - smtp
>   -o securetls_tls_security_level = may
>   -o securetls_use_tls = yes
>   -o securetls_tls_CAfile = /etc/postfix/CA_Bundle.pem

This should do what you ask when you use the right option names.

  -o smtp_tls_security_level=encrypt
  -o smtp_tls_CAfile=/etc/postfix/CA_Bundle.pem

The smtp_use_tls keyword is deprecated by smtp_tls_security_level.

Note there must be no spaces around the "=" in master.cf -o options.
See the master.cf man page for details.

  -- Noel Jones

>
>
> [root@smtp1 ~]# cat /etc/postfix/tls_policy
> mx1.domain1.com secure match=mx1.domain1.com
>
> [root@smtp1 ~]# cat /etc/postfix/tls_enable_domain
> .domain1.com securetls:[mx1.domain1.com]
> domain1.com securetls:[mx1.domain1.com]
>
> Please guide.
>
> Regards
> Jayesh Shinde
>
>
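
A small lint for the two mistakes the reply above points out (override names built from the service name, and spaces around "=" in master.cf -o options), as an added example that is not part of the original thread or of Postfix. The function names are hypothetical and the sample input is constructed from the quoted entry; the check is a heuristic and does not handle the brace-quoted `-o { name = value }` form of later Postfix releases.

```python
# Constructed sample: the master.cf entry quoted in the question.
SAMPLE_MASTER_CF = """\
securetls unix - - n - - smtp
  -o securetls_tls_security_level = may
  -o securetls_use_tls = yes
  -o securetls_tls_CAfile = /etc/postfix/CA_Bundle.pem
"""

def logical_lines(text):
    """Join master.cf continuation lines (those starting with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def lint_master_cf(text):
    """Return (service, option, problem) tuples for suspicious -o overrides."""
    findings = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:
            continue  # not a complete service entry
        service, command, args = fields[0], fields[7], fields[8:]
        for i, arg in enumerate(args):
            if arg != "-o" or i + 1 >= len(args):
                continue
            token = args[i + 1]
            name = token.split("=", 1)[0]
            nxt = args[i + 2] if i + 2 < len(args) else ""
            # "name = value" or "name= value": the shell-style split separated them.
            # A bare "name=" followed by another option is a valid empty value.
            if "=" not in token or (token.endswith("=") and nxt and not nxt.startswith("-")):
                findings.append((service, name, "whitespace around '='"))
            if command == "smtp":
                # Renaming the service does not rename the smtp(8) parameters.
                if service != "smtp" and name.startswith(service + "_"):
                    findings.append((service, name, "named after the service; use the smtp_ name"))
                if name.endswith("use_tls"):
                    findings.append((service, name, "deprecated; use smtp_tls_security_level"))
    return findings

if __name__ == "__main__":
    for finding in lint_master_cf(SAMPLE_MASTER_CF):
        print("%s: -o %s: %s" % finding)
```
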
