Force TLS on all inbound/outbound connections

TobiTobs

Member
Jun 3, 2022
Hi everyone,

we want to further narrow down our security and want to only allow TLS connections on our PMGs from now on.
There is the option to specify inbound/outbound domains, however I did not find a way to enter a wildcard here, only specific domains.

What would be the best way to enable this for the whole server so that plaintext transmission is not possible anymore, only those with STARTTLS?

Thanks
Tobias
 
Hi, @TobiTobs

A quick G. search gives:
https://www.postfix.org/TLS_README.html

"You can ENFORCE the use of TLS, so that the Postfix SMTP server announces STARTTLS and accepts no mail without TLS encryption, by setting "smtpd_tls_security_level = encrypt". According to RFC 2487 this MUST NOT be applied in case of a publicly-referenced Postfix SMTP server. This option is off by default and should only seldom be used.

Example:

Code:
/etc/postfix/main.cf:
smtpd_tls_security_level = encrypt

..."

AFAIR, in PMG one must edit some template file, not the main.cf, so that the change is preserved.
 
Hi @Onslow

thanks for your quick feedback!
The parameter in Postfix is known, my question was targeted to ask how to best implement this in PMG. Templates are fine for me but maybe it's also possible via the UI (which would be preferred)?
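
Added example, not part of the thread and not PMG or Postfix code: a small Python check to run against your own gateway after setting `smtpd_tls_security_level = encrypt`, confirming that the inbound side refuses `MAIL FROM` on a plaintext session (reply code 530, as specified in RFC 3207). The HELO name and sender address are placeholders, the host is passed on the command line, and the outbound direction is not covered.

```python
import smtplib
import sys


def verdict(starttls_offered: bool, mail_code: int) -> str:
    """Interpret the server's reply to MAIL FROM sent without STARTTLS."""
    if not starttls_offered:
        return "no-starttls"          # TLS is not even announced
    if mail_code == 530:
        return "enforced"             # "Must issue a STARTTLS command first"
    if 200 <= mail_code < 300:
        return "plaintext-accepted"   # mail still accepted unencrypted
    return "inconclusive"             # rejected, but for some other reason


def probe(host, port=25, helo="probe.example.test",
          sender="probe@example.test"):
    """Open a plaintext SMTP session and try MAIL FROM without STARTTLS.

    helo and sender are placeholder values; no message is ever sent.
    Returns (verdict, reply_code, reply_text).
    """
    with smtplib.SMTP(host, port, timeout=15) as s:
        s.ehlo(helo)
        offered = s.has_extn("starttls")
        code, msg = s.mail(sender)    # deliberately no s.starttls() first
        s.rset()                      # drop the envelope if it was accepted
        return verdict(offered, code), code, msg.decode(errors="replace")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_tls_enforced.py HOST [PORT]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    result, code, text = probe(sys.argv[1], target_port)
    print(f"{sys.argv[1]}:{target_port} -> {result} ({code} {text})")
    # Non-zero exit unless plaintext mail is refused, so it fits a cron check.
    sys.exit(0 if result == "enforced" else 1)
```

Run it from a host that reaches the gateway the way external senders do, so any per-network exceptions do not hide the result.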