From: Victor Duchovni on 18 Mar 2010 12:37

On Thu, Mar 18, 2010 at 04:14:31PM -0000, Jonathan Tripathy wrote:

> > It works in practice. A few Postfix TLS proxies have been terminating TLS
> > connections, making access control decisions and forwarding unencrypted
> > SMTP to a non-Postfix server for many years now.
> >
> > These systems only run "smtpd" as a proxy, and use various internal
> > services, but otherwise there is no message processing. There is
> > no logging from cleanup(8), qmgr(8), smtp(8), ... connections come
> > in and then they go out. Mail is never queued on the TLS proxy.
>
> How does one configure postfix to act like this?

http://www.postfix.org/SMTPD_PROXY_README.html

If this is not an MX host:

main.cf:
    smtpd_proxy_filter = inet:[real-smtp-server]:real-port

    # Plus the usual "restrictions" settings and any (incoming) TLS
    # settings for the SMTP server. There is no support for outgoing
    # TLS in the SMTP server.
    #
    # ...

If the real server is missing various EHLO features, you should turn
them off also on the Postfix proxy (mostly DSN and 8BITMIME) and adjust
the message size limit to match the real server.

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter
email environment. If you are interested, please drop me a note.
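An added example, not part of the original post: a small Python helper that reads the backend server's EHLO reply and derives the proxy-side main.cf lines needed to match it, as the last paragraph of the post advises. It assumes the mismatches are handled with the Postfix parameters smtpd_discard_ehlo_keywords and message_size_limit (the post does not name them); the host name and the sample reply are constructed.

```python
import re

# Features the post names as the usual mismatches; extend if the backend lacks others.
CHECKED_FEATURES = ("8BITMIME", "DSN")

# Constructed sample: EHLO reply from a hypothetical backend without DSN or 8BITMIME.
SAMPLE_BACKEND_EHLO = (
    "250-backend.example.com\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 5242880\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    features = {}
    for i, line in enumerate(reply.splitlines()):
        m = re.fullmatch(r"250([- ])(.*)", line.strip())
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        parts = m.group(2).split()
        if i > 0 and parts:          # line 0 is the server's domain, not a feature
            features[parts[0].upper()] = parts[1:]
        if m.group(1) == " ":        # "250 " (space) marks the final line
            break
    return features

def proxy_settings(reply):
    """Derive proxy main.cf settings so the proxy offers no more than the backend."""
    features = parse_ehlo(reply)
    settings = {}
    missing = [f.lower() for f in CHECKED_FEATURES if f not in features]
    if missing:
        settings["smtpd_discard_ehlo_keywords"] = ", ".join(missing)
    size = features.get("SIZE")
    if size and size[0].isdigit() and int(size[0]) > 0:
        settings["message_size_limit"] = size[0]   # match the backend's limit
    return settings

def render_main_cf(settings):
    """Format the settings as main.cf lines."""
    return "\n".join(f"{name} = {value}" for name, value in settings.items())

if __name__ == "__main__":
    print(render_main_cf(proxy_settings(SAMPLE_BACKEND_EHLO)))
```

The reply text can be captured by hand from a session with the real server; the helper itself makes no network connection.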