Postfix TLS policy based on source IP

I have an old MTA that effectively cannot do anything TLS related.

It is being used for a number of internal systems, of which a subset have stricter requirements, where they must only send mail if the receiver is able to receive using TLS; the policy 'must'.

I would like to implement a scenario where I replace that MTA with a Postfix drop-in replacement on same IP, as the systems are not easily configurable.

I'd like to hear if it is possible to say that server A,B,C,D (based on IP address/hostname etc) can send using 'may' policy, but server E,F should use the 'must' policy, regardless of the destinations.

I can find a lot of information on smtp-tls-policy-maps that handles this per destination, but nothing based on 'per source'.

Can anyone hint as to whether it's possible, and where I should look in the docs?

If not, can anyone point to another product where this might be possible?

Br, Martin

This is not a feature of the current release of postfix.

You could perhaps do what you want with 2 postfix servers, one set for smtp_tls_security_level = encrypt and one set for smtp_tls_security_level = may, and haproxy using haproxy ACLs to direct the clients to the appropriate server.

With tools like ansible or expect the realm of what is difficult to configure can rapidly shrink. The first time: nigh impossible; subsequently: trivial.
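As an added example of the two-instance layout described in the answer above (this is not configuration from the thread's authors), a haproxy.cfg that listens on the old MTA's address in TCP mode and steers clients by source IP to one of two Postfix instances. All addresses, backend names and the set of "strict" hosts are constructed placeholders.

```haproxy
# Added example (not from the original thread): route SMTP clients by
# source IP to a Postfix instance with the matching outbound TLS policy.
global
    log /dev/log local0

defaults
    mode tcp                 # pass SMTP through untouched; Postfix does the TLS
    log global
    option tcplog
    timeout connect 5s
    timeout client  5m
    timeout server  5m

frontend smtp_in
    bind 192.0.2.10:25       # constructed: the old MTA's IP, kept for the clients
    # Constructed addresses for hosts E and F, which must only deliver over TLS
    acl strict_tls_clients src 192.0.2.105 192.0.2.106
    use_backend postfix_encrypt if strict_tls_clients
    default_backend postfix_may

backend postfix_encrypt
    # Postfix instance configured with smtp_tls_security_level = encrypt
    server pf_encrypt 10.0.0.2:25 send-proxy

backend postfix_may
    # Postfix instance configured with smtp_tls_security_level = may
    server pf_may 10.0.0.3:25 send-proxy
```

`send-proxy` makes haproxy prepend the PROXY protocol header, which the receiving Postfix smtpd accepts only if that listener has `smtpd_upstream_proxy_protocol = haproxy` set; without it the connection fails, so either set that parameter on both instances or drop `send-proxy`. Keeping it is worth the effort: Postfix then logs and applies `mynetworks`/client restrictions against the real client address instead of the proxy's, which is what you want when the policy decision is tied to who is sending. Two checks after deployment: confirm with `postqueue -p` on the `encrypt` instance that mail for destinations without TLS is deferred rather than delivered, and remember that the ACL is only as trustworthy as the network path between the clients and the proxy.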

