Henry Liu:
> When using Postfix "smtpd_tls_security_level = encrypt" in main.cf
> is it possible to make an exception for an incoming mail server
> connection that does not support encryption?
Use "smtpd_tls_security_level = may" and use reject_plaintext_session
in smtpd_sender_restrictions.
/etc/postfix/main.cf:
smtpd_tls_security_level = may
smtpd_sender_restrictions =
check_client_access inline:{example.com=permit}
reject_plaintext_session
Some may object to name-based exceptions: they can use IP addresses
and cidr maps instead.
/etc/postfix/main.cf:
smtpd_tls_security_level = may
smtpd_sender_restrictions =
check_client_access cidr:/etc/postfix/tls-exceptions
/etc/postfix/tls-exceptions
10.0.0.1/8 permit
0.0.0.0/0 reject_plaintext_session
Wietse
