Postfix : outgoing mail in TLS for a specific domain

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by vercetty92 on Server Fault See other posts from Server Fault or by vercetty92
Published on 2012-06-04T10:10:42Z Indexed on 2012/06/04 10:43 UTC
Read the original article Hit count: 239

Filed under:
|

I am trying to configure postfix to send mail in TLS (starttls in fact), but only for a specific destination.

I tried with "smtp_tls_policy_maps".

This is the only line in my main.cf file regarding TLS configuration, but it seems not working.

Here is my main.cf file:

queue_directory = /opt/csw/var/spool/postfix
command_directory = /opt/csw/sbin
daemon_directory = /opt/csw/libexec/postfix
html_directory = /opt/csw/share/doc/postfix/html
manpage_directory = /opt/csw/share/man
sample_directory = /opt/csw/share/doc/postfix/samples
readme_directory = /opt/csw/share/doc/postfix/README_FILES
mail_spool_directory = /var/spool/mail
sendmail_path = /opt/csw/sbin/sendmail
newaliases_path = /opt/csw/bin/newaliases
mailq_path = /opt/csw/bin/mailq
mail_owner = postfix
setgid_group = postdrop
mydomain = ullink.net
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost
masquerade_domains = vercetty92.net
alias_maps = dbm:/etc/opt/csw/postfix/aliases
alias_database = dbm:/etc/opt/csw/postfix/aliases
transport_maps = dbm:/etc/opt/csw/postfix/transport
smtp_tls_policy_maps = dbm:/etc/opt/csw/postfix/tls_policy
inet_interfaces = all
unknown_local_recipient_reject_code = 550
relayhost = 
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5

And here is my "tls_policy" file:

gmail.com    encrypt   protocols=SSLv3:TLSv1 ciphers=high

I also tried

gmail.com    encrypt

My wish is to use TLS only for the gmail domain.

With this configuration, I don't see any TLS line in the source of the mail.

But if I tell postfix to use TLS if possible for all destination with this line, it works:

smtp_tls_security_level = may

Beause I can see this line in the source of my mail:

(version=TLSv1/SSLv3 cipher=OTHER);

But I don't want to try to use TLS for the others domains...only for gmail...

Do I miss something in my conf? (I also try whith "hash:/etc/opt/csw/postfix/tls_policy", and it's the same)

Thanks a lot in advance

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about postfix

Related posts about tls

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle