Postfix : outgoing mail in TLS for a specific domain

Posted by vercetty92 on Server Fault See other posts from Server Fault or by vercetty92
Published on 2012-06-04T10:10:42Z Indexed on 2012/06/04 10:43 UTC
Read the original article Hit count: 244

Filed under:
|

I am trying to configure postfix to send mail in TLS (starttls in fact), but only for a specific destination.

I tried with "smtp_tls_policy_maps".

This is the only line in my main.cf file regarding TLS configuration, but it seems not working.

Here is my main.cf file:

queue_directory = /opt/csw/var/spool/postfix
command_directory = /opt/csw/sbin
daemon_directory = /opt/csw/libexec/postfix
html_directory = /opt/csw/share/doc/postfix/html
manpage_directory = /opt/csw/share/man
sample_directory = /opt/csw/share/doc/postfix/samples
readme_directory = /opt/csw/share/doc/postfix/README_FILES
mail_spool_directory = /var/spool/mail
sendmail_path = /opt/csw/sbin/sendmail
newaliases_path = /opt/csw/bin/newaliases
mailq_path = /opt/csw/bin/mailq
mail_owner = postfix
setgid_group = postdrop
mydomain = ullink.net
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost
masquerade_domains = vercetty92.net
alias_maps = dbm:/etc/opt/csw/postfix/aliases
alias_database = dbm:/etc/opt/csw/postfix/aliases
transport_maps = dbm:/etc/opt/csw/postfix/transport
smtp_tls_policy_maps = dbm:/etc/opt/csw/postfix/tls_policy
inet_interfaces = all
unknown_local_recipient_reject_code = 550
relayhost = 
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5

And here is my "tls_policy" file:

gmail.com    encrypt   protocols=SSLv3:TLSv1 ciphers=high

I also tried

gmail.com    encrypt

My wish is to use TLS only for the gmail domain.

With this configuration, I don't see any TLS line in the source of the mail.

But if I tell postfix to use TLS if possible for all destination with this line, it works:

smtp_tls_security_level = may

Beause I can see this line in the source of my mail:

(version=TLSv1/SSLv3 cipher=OTHER);

But I don't want to try to use TLS for the others domains...only for gmail...

Do I miss something in my conf? (I also try whith "hash:/etc/opt/csw/postfix/tls_policy", and it's the same)

Thanks a lot in advance

© Server Fault or respective owner

Related posts about postfix

Related posts about tls