Postfix Postfix Users

smptd_tls_security_level = encrypt

classic Classic list List threaded Threaded
3 messages Options
Virtual Xmas
Reply | Threaded
Open this post in threaded view
|

smptd_tls_security_level = encrypt

Virtual Xmas 

    
Hello,
      

      

      Running Postfix 2.10.1.
      

      

      I am setting up an internal mail relay to receive mail from other
      internal clients.  I have a requirement that all email be received
      via TLS only.
      

      

      I have configured TLS using our internal PKI and set the
      appropriate settings in main.cf and mail is being received via TLS
      according to the headers.
      

      

      I have set smptd_tls_security_level = encrypt.  According to the
      documentation:
      

      

      encrypt: Mandatory TLS encryption: announce STARTTLS support to
      remote SMTP clients, and require that clients use TLS encryption.
      

      

      However, the server is still willing to accept non TLS unencrypted
      emails from smtp clients.
      

      

      Am I still missing a setting?
      

      

      

    

  



	
	
	
	

						
			

		

	

	

		

			

				

					Wietse Venema
				

				

					Reply |
					Threaded
	

		Open this post in threaded view
		

			

			

		

	

	 |
					
	
				

				

					
					
		
	
					

		Re: smptd_tls_security_level = encrypt
	

				

			

		

		

			

				
					

		

			Wietse Venema

	
	
		

	

	
	
	

	
						
				
					
	
	
	

		Virtual Xmas:


> Hello,

> 

> Running Postfix 2.10.1.

> 

> I am setting up an internal mail relay to receive mail from other 

> internal clients.? I have a requirement that all email be received via 

> TLS only.

> 

> I have configured TLS using our internal PKI and set the appropriate 

> settings in main.cf and mail is being received via TLS according to the 

> headers.

> 

> I have set smptd_tls_security_level = encrypt.? According to the 

> documentation:

> 

> encrypt: Mandatory TLS encryption: announce STARTTLS support to remote 

> SMTP clients, and require that clients use TLS encryption.

> 

> However, the server is still willing to accept non TLS unencrypted 

> emails from smtp clients.

> 

> Am I still missing a setting?


TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail

TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.



	
	
	
	

						
			

		

	

	

		

			

				

					Matus UHLAR - fantomas
				

				

					Reply |
					Threaded
	

		Open this post in threaded view
		

			

			

		

	

	 |
					
	
				

				

					
					
		
	
					

		Re: smptd_tls_security_level = encrypt
	

				

			

		

		

			

				
					

		

			Matus UHLAR - fantomas

	
	
		

	

	
	
	

	
						
				
					
	
	

				In reply to this post by Virtual Xmas
			

	

		On 01.10.18 10:21, Virtual Xmas wrote:


>Running Postfix 2.10.1.

>

>I am setting up an internal mail relay to receive mail from other 

>internal clients.  I have a requirement that all email be received via 

>TLS only.

>

>I have configured TLS using our internal PKI and set the appropriate 

>settings in main.cf and mail is being received via TLS according to 

>the headers.

>

>I have set smptd_tls_security_level = encrypt.  According to the 

>documentation:

>

>encrypt: Mandatory TLS encryption: announce STARTTLS support to remote 

>SMTP clients, and require that clients use TLS encryption.

>

>However, the server is still willing to accept non TLS unencrypted 

>emails from smtp clients.

>

>Am I still missing a setting?


something overridden in master.cf?



-- 

Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.

Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.

Eagles may soar, but weasels don't get sucked into jet engines. 



	
	
	
	

						
			

		

	

	
		
	

	

                        
                    		
                

            

             
				
			

		

			
				Free forum by Nabble
	
			
			
				
				Edit this page