Terry L. Inzauro wrote: > I am trying to force submission (with SMTP auth via SASL) clients on tcp/587 > to use TLS. Is there anyway to do this? I ran > across smtp_enforce_tls, but this seems to force any and all SMTP clients to > use TLS which is not what I want (this is a > public facing machine). > > > Will I need to implement some type of submission policy like this or am I > understanding the policy structure incorrectly? > > > <snip from http://www.postfix.org/TLS_README.html> > > /etc/postfix/main.cf: > smtp_tls_policy_maps = hash:/etc/postfix/tls_policy > > /etc/services: > submission 587/tcp msa # mail message submission > > /etc/postfix/tls_policy: > [example.net]:587 encrypt protocols=TLSv1 ciphers=high > [example.net]:msa encrypt protocols=TLSv1 ciphers=high > [example.net]:submission encrypt protocols=TLSv1 ciphers=high > > > </snip from http://www.postfix.org/TLS_README.html> > > > kind regards, > > > Terry >
never mind. i asked too soon. looks like "smtpd_tls_auth_only = yes" does the trick. Thanks for the great product and stellar community support. Keep up the good work. Happy Holidays to all. _Terry
