TLS for outgoing connections (GDPR related)

Apr 9, 2018
12
0
1
42
Some companies I communicate with are requiring that your outgoing SMTP initiates TLS with their mailservers because they say it is required by the GDPR.

Proxmox mail is not currently doing that, is it possible to make it do so? I'm not looking to set up TLS for incoming, that is explained in the manual.
 

dcsapak

Proxmox Staff Member
Staff member
Feb 1, 2016
4,154
378
88
31
Vienna
quote from the admin guide:
Proxmox Mail Gateway uses opportunistic TLS encryption. The SMTP transaction is encrypted if the STARTTLS ESMTP feature is supported by the remote server. Otherwise, messages are sent in the clear.
this is currently not configurable
 

heutger

Active Member
Apr 25, 2018
748
201
43
Fulda, Hessen, Germany
www.heutger.net
GDPR requires encryption, if possible, also content encryption should be used. However "real world" would prefer to offer encryption as well as clear text, also BSI recommends to offer weak ciphers down to NULL (I recently tested a setup with only serious ciphers with result, that big companies can't mail me any more). So PMG default to offer STARTTLS in both directions is fine. If you want (on your own risk) to change this behavior, check on how to copy the templates and adjust them by yourself and have a look at smtp_tls_security_level options of postfix. You can enforce encryption only, but as said, it's on your own risk.
 
  • Like
Reactions: DerDanilo

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!