Hello! On Mon, Jun 03, 2019 at 10:16:20PM +0200, Marcus wrote:
> I try to use NGiNX 1.10.3-1+deb9u2 (Debian 9 version) as SMTP proxy in > front of a postfix server. I defined one server that should accept > encrypted connections only. Therefore I set "starttls only". > > But this server accepts plaintext mails also. If I use telnet to test > the proxy it provides STARTTLS but I can relay a mail without using it. Currently, "starttls" is only enforced for authentication, but not for non-authenticated mail delivery, as with "smtp_auth none" in your config. If you want to reject all non-encrypted non-authenticated mail delivery, you can do so using an auth_http script. Recently discussed here: http://mailman.nginx.org/pipermail/nginx-devel/2019-March/011970.html -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
