• 10
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

How to force postfix to deny all non TLS queries?

I have a server with postfix and a plain text authentication.

It accepts both TLS and non-TLS authentication.

How can I force the server to deny all non TLS queries so that the mail users never send their username and passwords in clear text when login in?

To make thinks clear, if user2@mymailserver2.com is the recipient and user@mymailserver.com the local sender:

  • I want this command to work (since there is the --tls option):

    swaks --tls --to user2@mymailserver2.com --from -a user1@mymailserver1.com -auth CRAM-MD5 --auth-user user1@mymailserver1.com
    
  • and that command to fail (since --tls is missing):

    swaks --to user2@mymailserver2.com --from -a user1@mymailserver1.com -auth CRAM-MD5 --auth-user user1@mymailserver1.com
    

Because it's New Year's day once more Reading Manuals as a Service.

From the manual

Supporting AUTH over TLS only

Sending AUTH data over an unencrypted channel poses a security risk. When TLS layer encryption is required (smtpd_tls_security_level = encrypt), the Postfix SMTP server will announce and accept AUTH only after the TLS layer has been activated with STARTTLS. When TLS layer encryption is optional (smtpd_tls_security_level = may), it may however still be useful to only offer AUTH when TLS is active. To maintain compatibility with non-TLS clients, the default is to accept AUTH without encryption. In order to change this behavior, set
smtpd_tls_auth_only = yes

  • 3
Reply Report

Trending Tags