Postfix: outgoing mail in TLS for a specific domain
Posted by vercetty92 on Server Fault
Published on 2012-06-04T10:10:42Z
I am trying to configure postfix to send mail in TLS (starttls in fact), but only for a specific destination.
I tried with "smtp_tls_policy_maps".
This is the only line in my main.cf file regarding TLS configuration, but it does not seem to be working.
Here is my main.cf file:
queue_directory = /opt/csw/var/spool/postfix
command_directory = /opt/csw/sbin
daemon_directory = /opt/csw/libexec/postfix
html_directory = /opt/csw/share/doc/postfix/html
manpage_directory = /opt/csw/share/man
sample_directory = /opt/csw/share/doc/postfix/samples
readme_directory = /opt/csw/share/doc/postfix/README_FILES
mail_spool_directory = /var/spool/mail
sendmail_path = /opt/csw/sbin/sendmail
newaliases_path = /opt/csw/bin/newaliases
mailq_path = /opt/csw/bin/mailq
mail_owner = postfix
setgid_group = postdrop
mydomain = ullink.net
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost
masquerade_domains = vercetty92.net
alias_maps = dbm:/etc/opt/csw/postfix/aliases
alias_database = dbm:/etc/opt/csw/postfix/aliases
transport_maps = dbm:/etc/opt/csw/postfix/transport
smtp_tls_policy_maps = dbm:/etc/opt/csw/postfix/tls_policy
inet_interfaces = all
unknown_local_recipient_reject_code = 550
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
And here is my "tls_policy" file:
gmail.com encrypt protocols=SSLv3:TLSv1 ciphers=high
I also tried
gmail.com encrypt
My wish is to use TLS only for the gmail domain.
With this configuration, I don't see any TLS line in the source of the mail.
But if I tell postfix to use TLS if possible for all destinations with this line, it works:
smtp_tls_security_level = may
Because I can see this line in the source of my mail:
(version=TLSv1/SSLv3 cipher=OTHER);
But I don't want to try to use TLS for the other domains... only for gmail...
Am I missing something in my conf? (I also tried with "hash:/etc/opt/csw/postfix/tls_policy", and it's the same)
Thanks a lot in advance
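As an added illustration (not part of the original post and not Postfix code), the Python sketch below models how the Postfix SMTP client derives the lookup key for smtp_tls_policy_maps: the key is the next-hop destination, which is the recipient domain unless transport_maps supplies a different next hop. The table contents and relay.example.net are constructed sample values, and only domain and parent-domain keys are modeled.

```python
# Simplified model of the smtp_tls_policy_maps lookup (assumption: only
# domain and ".parent" keys are modeled). Sample table data is constructed.

def parse_table(text):
    """Parse 'key value' lines from a Postfix lookup table source file."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        table[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return table

def domain_lookup(table, name):
    """Exact match first, then parent domains written with a leading dot."""
    name = name.lower()
    if name in table:
        return table[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        parent = "." + ".".join(labels[i:])
        if parent in table:
            return table[parent]
    return None

def next_hop(transport, recipient_domain):
    """Recipient domain, unless a transport entry names another next hop."""
    entry = domain_lookup(transport, recipient_domain)
    if entry and ":" in entry:
        hop = entry.split(":", 1)[1]
        if hop:
            return hop
    return recipient_domain

def tls_policy(policy, transport, recipient_domain, fallback="none"):
    """Return (lookup key, security level); fallback stands in for
    smtp_tls_security_level when no policy entry matches."""
    hop = next_hop(transport, recipient_domain)
    if hop.startswith("[") or ":" in hop:
        # Bracketed or :port next hops are matched verbatim only.
        found = policy.get(hop.lower())
    else:
        found = domain_lookup(policy, hop)
    return hop, (found.split()[0] if found else fallback)

if __name__ == "__main__":
    policy = parse_table("gmail.com encrypt")
    direct = parse_table("")  # no transport override
    relayed = parse_table("gmail.com smtp:[relay.example.net]:587")
    print(tls_policy(policy, direct, "gmail.com"))
    print(tls_policy(policy, relayed, "gmail.com"))
```

On a live system, `postmap -q gmail.com dbm:/etc/opt/csw/postfix/tls_policy` shows whether the compiled table actually returns an entry for a given key.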
© Server Fault or respective owner