On 18/03/2026 12:21, Wietse Venema via Postfix-users wrote:
Andrew Beverley via Postfix-users:
Hello all,

I wondered if it is possible to enforce outbound (smtp) TLS based on the
return-path of the email being sent?

I know that it is possible to enforce outbound TLS using
smtp_tls_policy_maps, but as far as I can tell rules can only be
stipulated based on the next-hop destination, not on other parameters
such as the return-path of the email being sent.

Use sender-dependent transport:

main.cf:
     sender_dependent_default_transport_maps = inline:{
        { [email protected] = smtp-encrypt: } }

with a master.cf entry that enforces TLS:

master.cf:
     smtp-encrypt .. .. .. .. .. .. .. smtp
        -o { smtp_tls_security_level = encrypt }

Brilliant, thanks Wietse, that works well.

Next question: can I use a header in the transport map instead of the sender...? Or any other parameters for that matter?

I am looking for a way to mandate onward delivery via enforced TLS, stipulated from a client that is delivering to Postfix. I guess I could set up a custom socket in master.cf, which would probably work for me, although it would be good to know if there are any other options (specifically with a header in the email).

Many thanks,

Andy
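
Added example, not part of the thread: the sender-dependent transport from the quoted reply written out as a complete configuration. It assumes Postfix 3.0 or later (for the `inline:` table and the `-o { ... }` syntax); the sender addresses and the master.cf field values (copied from the stock `smtp` service line) are illustrative assumptions.

```conf
# --- main.cf ---------------------------------------------------------
# Looked up by envelope sender (return-path): full address first, then
# "@domain". The addresses below are constructed placeholders.
# The result has the form transport:nexthop; the empty nexthop after
# "smtp-encrypt:" means "use the recipient domain as usual".
sender_dependent_default_transport_maps = inline:{
    { sender@example.com = smtp-encrypt: },
    { @secure.example.com = smtp-encrypt: } }

# This setting only overrides default_transport. A recipient that
# matches transport_maps still goes to whatever transport that table
# names, so it would bypass smtp-encrypt.

# --- master.cf -------------------------------------------------------
# service     type  private unpriv  chroot  wakeup  maxproc command
smtp-encrypt  unix  -       -       n       -       -       smtp
    -o { smtp_tls_security_level = encrypt }

# --- check after "postfix reload" ------------------------------------
# postconf -M smtp-encrypt/unix
#   prints the master.cf entry, including the -o override
# postconf sender_dependent_default_transport_maps
#   prints the map as Postfix parsed it
```

At the `encrypt` level, mail for a destination that does not offer STARTTLS is deferred rather than sent in plaintext; the server certificate is not verified at this level.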