postfix-users April 2011 archive

Re: Configuring TLS with sender login maps

From: Reindl Harald <h.reindl_at_nospam>
Date: Sat Apr 02 2011 - 20:11:43 GMT
To: postfix-users@postfix.org

On 02.04.2011 21:58, Jeroen Geilman wrote:
> On 04/02/2011 09:50 PM, Alex wrote:
>
>> Okay, I think I have it working correctly now. I believe my mistake
>> was with using the incorrect ports for authentication.
>
> Authentication doesn't have a "port" - it is an integral part of the SMTP protocol.
>
>> I think I may
>> not fully understand the logic behind the whole process still,
>> however.
>>
>> I've changed smtpd_tls_security_level to 'may' from 'encrypt' in
>> main.cf because it also needs to be able to accept mail from non-TLS
>> authenticated clients (which are actually other postfix servers) in
>> addition to my K9 android mail client.
>>
>
> You shouldn't run TLS at all on port 25 if you're not using it for submission - and there is no reason to do so

sorry but that is nonsense
YOU SHOULD ENABLE IT OR YOU CAN DISABLE SSL ON IMAP/POP3 TOO

what sense does it make to encrypt receiving messages over ssl with
your client as long as other mail-servers deliver them
unencrypted?

if you would like encrypted services EVERY host and protocol which is
involved should support TLS or you can disable it completely

security level "may" is correct because not every host supports encryption
but if the host supports it tls should be used, so the message is encrypted
from one client to the receiver, at least you minimize the count
of unencrypted hops
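
The setup discussed in this thread, written out as an added example that is not part of any poster's message: opportunistic TLS ("may") on port 25 for other mail servers, with TLS and authentication enforced only for mail clients. The separate submission service, the file paths and the lookup table name are assumptions made for the illustration.

```conf
# ---- /etc/postfix/main.cf (added example; all paths are placeholders) ----
# Postfix does not allow a comment after a value, so every comment here
# sits on its own line.

# Port 25, server to server: offer STARTTLS and use it when the peer
# supports it, but still accept mail from hosts that cannot do TLS.
# "encrypt" here would turn away the non-TLS servers mentioned in the thread.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/tls/server.pem
smtpd_tls_key_file = /etc/postfix/tls/server.key

# Outbound deliveries: use TLS whenever the next hop offers it, which
# reduces the number of unencrypted hops.
smtp_tls_security_level = may

# Never announce or accept AUTH on an unencrypted session, so client
# passwords cannot cross the wire in cleartext even where TLS is optional.
smtpd_tls_auth_only = yes

# Which SASL login may use which envelope sender address.
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps

# ---- /etc/postfix/master.cf (assumed separate submission service) ----
# Mail clients such as K9 connect here. TLS is mandatory, authentication
# is required, and the sender address must belong to the login.
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

After a reload, `postconf -n` shows the main.cf values in effect; the `-o` overrides apply only to the submission service.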