Thank you very much. I didn't find it.
Am 04.06.19 um 15:49 schrieb Maxim Dounin:
Hello!
On Mon, Jun 03, 2019 at 10:16:20PM +0200, Marcus wrote:
I try to use NGiNX 1.10.3-1+deb9u2 (Debian 9 version) as SMTP proxy in
front of a postfix server. I defined one server that should accept
encrypted connections only. Therefore I set "starttls only".
But this server accepts plaintext mails also. If I use telnet to test
the proxy it provides STARTTLS but I can relay a mail without using it.
Currently, "starttls" is only enforced for authentication, but not
for non-authenticated mail delivery, as with "smtp_auth none" in
your config. If you want to reject all non-encrypted
non-authenticated mail delivery, you can do so using an auth_http
script.
Recently discussed here:
http://mailman.nginx.org/pipermail/nginx-devel/2019-March/011970.html
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
