Thank you. Before diving deeper into this, you're saying it is possible with postfix to setup a static routing (with maps / tables) in the form:
mails from Domain-A or specific SASL-user to DOMAIN Z with enforced TLS mails from Domain-B or specific SASL-user to DOMAIN Z with none TLS Is that correct? Am So., 9. Sep. 2018 um 16:28 Uhr schrieb Wietse Venema < [email protected]>: > Stefan Bauer: > > Hi, > > > > is there a way to specify on a per user basis (sasl authenticated user) > if > > TLS should be none or may or encrypted for a specific recipient domain? > > There is no "per-recipient map" version for Postfix SMTP client > parameters (or most other parameters). It does not make sense, > because > - One message may have multiple recipients. > - One connection may deliver multiple messages. > - TLS is a connection property, not a recipient property. > > Instead, you can use transport_maps to choose between different > Postfix SMTP clients (with different configurations) based on the > recipient address or domain. > > You can use the access map or header/body_checks FILTER action > ("FILTER name-of-transport:", without a domain after the ":") to > choose delivery methods based on other message properties, with > some loss of elegance. > > > I would like to have the user to decide if his mail to a specific domain > > should be TLS encrypted and then maybe bounce back but let other users > > mails to same destination domain go ahead with a may or none. > > That should be possible: use the transport_maps to choose between > one Postfix SMTP client that requires TLS, and one Postfix SMTP > client that does not. This should even work when an encrypted > connection is reused (smtp_tls_connection_reuse = yes). > > Wietse >
