Re: [Djigzo users] ERROR **** Message is stored in ERROR spool ****

Thu, 30 Apr 2015 23:56:44 -0700 

On 05/01/2015 08:22 AM, Frédéric d'Huart wrote:
> "smtpd_tls_security_level = encrypt" to "smtpd_tls_security_level = may"
> in /etc/postfix/main.cf fixed the issue.
> 
> Ciphermail Java mail client configuration doesn't seems to support TLS
> by default when connecting to localhost.
> Is there a way to activate it ?

Do you really need to support TLS for the internal SMTP connection? This
connection is only internal so enabling TLS is in my view wasting CPU
power. If you need to use smtpd_tls_security_level = encrypt for the
external accessible SMTP server, there are two options

1. Override the smtpd_tls_security_level setting for the internal port

Add a an empty smtpd_tls_security_level setting to the internal SMTP
daemon on  127.0.0.1:10026:

-o smtpd_tls_security_level=

So the definition for 127.0.0.1:10026 in /etc/postfix/master.cf should
look like:

127.0.0.1:10026 inet  n       -       n       -       10      smtpd
            -o content_filter=
            -o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
            -o smtpd_helo_restrictions=
            -o smtpd_client_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_tls_security_level=
            -o mynetworks=127.0.0.0/8
            -o smtpd_authorized_xforward_hosts=127.0.0.0/8
            -o smtpd_authorized_xclient_hosts=127.0.0.0/8
            -o cleanup_service_name=cleanup_reinject

Now the internal SMTP daemon does not require SMTP. All other SMTP
daemons (the one connected to external) use the default setting for
smtpd_tls_security_level


2. Enable TLS on the internal client

It should be possible to configure this since javamail supports TLS.
However I have never tested this since I do not see the need to locally
use TLS. If you really require this I might see how to configure this.


Kind regards,

Martijn Brinkers

-- 
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
_______________________________________________
Users mailing list
[email protected]
https://lists.djigzo.com/lists/listinfo/users

Reply via email to