postfix-users October 2010 archive

Re: SMTPD TLS policy by Client IP ?

From: Noel Jones <njones_at_nospam>
Date: Thu Oct 28 2010 - 19:48:11 GMT
To: postfix-users@postfix.org

On 10/28/2010 2:41 PM, Kevin Coveney wrote:
> We have been requested to set up a TLS enforcement policy for
> one of our clients to pass a security review.
> The policy would require that certain client connections be
> forced to use TLS to allow mail to be accepted.
> These connections would be pre-determined routes - by IP
> address or hostname - from a table or possibly a DNS lookup.
> We are only in control of one side of the communication.
> It looks as if we can control the outbound via
> "smtp_tls_policy_maps" and force the encryption.
> However, for incoming mail it looks like
> "smtpd_tls_security_level" is all or none on enforcement of
> encryption.
> Does such a control exist?
> Thanks,
> Kevin Coveney

You can use a check_client_access map with
"reject_plaintext_session" action.
http://www.postfix.org/postconf.5.html#reject_plaintext_session

   -- Noel Jones
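
A configuration sketch of the approach in the reply above, added here as an example and not part of the original thread. The table path and the client addresses are assumptions (documentation ranges), and it assumes the server certificate and key are already configured.

```conf
# --- /etc/postfix/main.cf (excerpt) ---
# Offer STARTTLS to every client, but do not require it globally.
smtpd_tls_security_level = may

# Look up the connecting client in a per-client table. Clients that are
# not listed fall through to the remaining restrictions and may still
# deliver over plaintext.
smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/tls_required_clients

# reject_plaintext_session replies with plaintext_reject_code, which is a
# temporary 450 by default. Uncomment to make the rejection permanent.
#plaintext_reject_code = 550

# --- /etc/postfix/tls_required_clients (cidr table, constructed addresses) ---
# Sessions from these sources are rejected unless STARTTLS was negotiated.
192.0.2.0/24        reject_plaintext_session
198.51.100.25/32    reject_plaintext_session
```

A cidr table needs no `postmap` step; run `postfix reload` after editing it. Matching on client IP is the more dependable choice for an enforcement policy, since hostname keys in an access table rely on the client's DNS records.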