Re: verifying per site TLS policy -- maps override?

2017-08-22 Thread yodeller
On Tue, Aug 22, 2017, at 10:19 AM, Viktor Dukhovni wrote: > > So that looks like it should work. > > Yes, but what security goal does this achieve? Just what I said above. To help working with specific senders if only to debug, etc. I'm not looking for a policy or a philosophy, I'm just

Re: verifying per site TLS policy -- maps override?

2017-08-22 Thread Viktor Dukhovni
> On Aug 22, 2017, at 12:52 PM, yodel...@yepmail.net wrote: > > Based on your comment I found > > > http://postfix.1071664.n5.nabble.com/Server-equivilent-of-smtp-tls-policy-maps-td26112.html > > that provides the concrete example > > smtpd_client_restrictions = >check_client_access

Re: verifying per site TLS policy -- maps override?

2017-08-22 Thread yodeller
On Tue, Aug 22, 2017, at 09:36 AM, /dev/rob0 wrote: > See reject_plaintext_session, and in the case as you described, > check_client_access: > > http://www.postfix.org/postconf.5.html#reject_plaintext_session > http://www.postfix.org/postconf.5.html#check_client_access >

Re: verifying per site TLS policy -- maps override?

2017-08-22 Thread /dev/rob0
On Tue, Aug 22, 2017 at 09:21:33AM -0700, yodel...@yepmail.net wrote: > The reason that I'm asking is that I'd like to set my inbound > policy =may by default, but for specific servers (that I may > be working or warring with) sending email to me I want to > force policy =encrypt. > > For

Re: verifying per site TLS policy -- maps override?

2017-08-22 Thread yodeller
On Tue, Aug 22, 2017, at 09:13 AM, Viktor Dukhovni wrote: > > Is there an inbound per-domain TLS policy map? > > http://www.postfix.org/TLS_README.html#client_tls_limits Thanks. Okay I get that. But that reads like policy to me. It doesn't sound like it's impossible. The reason that I'm

Re: verifying per site TLS policy -- maps override?

2017-08-22 Thread Viktor Dukhovni
> On Aug 22, 2017, at 12:08 PM, yodel...@yepmail.net wrote: > > Is there an inbound per-domain TLS policy map? http://www.postfix.org/TLS_README.html#client_tls_limits One may be tempted to try enforcing TLS for mail from specific sending organizations, but this, too, runs into obstacles.

Re: verifying per site TLS policy -- maps override?

2017-08-22 Thread yodeller
On Tue, Aug 22, 2017, at 09:00 AM, Viktor Dukhovni wrote: > The global security level set via "smtp_tls_security_level" is > optionally preëmpted by the per-destination policy table (which > can also override selected additional TLS settings). Yeah I see the option to set the additional TLS

Re: verifying per site TLS policy -- maps override?

2017-08-22 Thread Viktor Dukhovni
> On Aug 22, 2017, at 11:52 AM, yodel...@yepmail.net wrote: > > I just want to make sure I understand per-site domain policy maps' priority. > > If I set up an outbound postfix instance with > > -o smtp_tls_security_level=may > -o smtp_tls_policy_maps=lmdb:/etc/postfix/tls_policy_outbound >

verifying per site TLS policy -- maps override?

2017-08-22 Thread yodeller
Hi I just want to make sure I understand per-site domain policy maps' priority. If I set up an outbound postfix instance with -o smtp_tls_security_level=may -o smtp_tls_policy_maps=lmdb:/etc/postfix/tls_policy_outbound the way that works is that both are used, right? In other words, the