TLS for outgoing connections (GDPR related)

[taurix]

Some companies I communicate with are requiring that your outgoing SMTP initiates TLS with their mailservers because they say it is required by the GDPR.

Proxmox mail is not currently doing that, is it possible to make it do so? I'm not looking to set up TLS for incoming, that is explained in the manual.

 

[dcsapak]

quote from the admin guide:

Proxmox Mail Gateway uses opportunistic TLS encryption. The SMTP transaction is encrypted if the STARTTLS ESMTP feature is supported by the remote server. Otherwise, messages are sent in the clear.

this is currently not configurable

 

[dietmar]

Proxmox mail is not currently doing that

We do TLS if remote client offer TLS (opportunistic TLS).

 

[heutger]

GDPR requires encryption, if possible, also content encryption should be used. However "real world" would prefer to offer encryption as well as clear text, also BSI recommends to offer weak ciphers down to NULL (I recently tested a setup with only serious ciphers with result, that big companies can't mail me any more). So PMG default to offer STARTTLS in both directions is fine. If you want (on your own risk) to change this behavior, check on how to copy the templates and adjust them by yourself and have a look at smtp_tls_security_level options of postfix. You can enforce encryption only, but as said, it's on your own risk.