Hmm - what exactly is your use case? (maybe there is a different approach you could take)
I need to enforce TLS on incoming mails from a specific domain, so I would like to ask you: is it enough to add that domain in "TLS Domain policy" in the web interface?
This is correct - the domains entered there are added to the 'smtp_policy_maps' (and options prefixed with smtp_ affect the outbound connections)
I understood that that is for outgoing mails?
smtpd_tls_security_level
...
encrypt
Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption. According to RFC 2487 this MUST NOT be applied in case of a publicly-referenced SMTP server. Instead, this option should be used only on dedicated servers.
Hmm - what exactly is your use case?
configure postfix to only accept TLS connections but this will break communication with quite a lot of mail-servers
Sounds nice - How have you set it up (it would help others in a similar situation)
Postfix can do what I need much easier with "check_sender_access" table,
Sounds about right - and you need to do the postmap manually.
If I copy templates from /var/lib/pmg/templates to /etc/pmg. and in main.cf change this line to:
smtpd_sender_restrictions = permit_mynetworks reject_non_fqdn_sender check_client_access cidr:/etc/postfix/clientaccess check_sender_access regexp:/etc/postfix/senderaccess regexp:/etc/postfix/senderaccess_custom check_recipient_access regexp:/etc/postfix/rcptaccess
and create the file of course, would this be enough? Should I do "postmap" on the new file, or will Proxmox "detect it" and do it with "pmgconfig"?
nice - could you post an (anonymized) example - I did not see the option to make the result/response dependent on the TLS status?
Yes, seems working.
My suggestion to the Proxmox team would be to allow us to put a "custom" action for a specific domain in the "senderaccess" file directly from the web interface, not just "OK" or "REJECT" - as "whitelist/blacklist" do.
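One way to make the result of a `check_sender_access` lookup depend on the TLS status, added here as an example and not taken from any poster's configuration: the `senderaccess_custom` table named in the `smtpd_sender_restrictions` line above returns Postfix's `reject_plaintext_session` restriction for one sender domain. The domain `example.com` and the test address are placeholders.

```conf
# /etc/postfix/senderaccess_custom
# (file name taken from the main.cf line quoted in the thread)
# Constructed example: example.com stands in for the real sender domain.
#
# Left side:  regular expression matched against the envelope sender
#             (MAIL FROM). regexp: tables match case-insensitively
#             by default.
# Right side: an access(5) action. Naming a restriction here makes
#             Postfix evaluate it for this session only.
#             reject_plaintext_session rejects the command when the
#             connection is not TLS-encrypted.
#
# Matches example.com and any of its subdomains.
/@(.+\.)?example\.com$/    reject_plaintext_session

# Senders that match no pattern get no result from this table and
# continue through the rest of smtpd_sender_restrictions unchanged.
#
# The reply code comes from plaintext_reject_code, whose default
# is 450, so a sending server that did not use STARTTLS sees a
# temporary failure and retries instead of bouncing at once.
#
# The server must still offer STARTTLS to everyone
# (smtpd_tls_security_level = may), otherwise the listed domain
# can never satisfy the restriction.
#
# To see which action the table returns for an address, without
# sending mail:
#   postmap -q "user@example.com" regexp:/etc/postfix/senderaccess_custom
```

The match is on the envelope sender, which the sending side chooses, so this enforces encryption for sessions claiming that domain and does not authenticate the sender.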