Can you set Postfix to enforce TLS on incoming email only from certain domains or IPs?

postfix

I'm looking for a Postfix configuration option like smtpd_enforce_tls but one that lets me enforce TLS selectively, depending on what domain the email is coming in from. I need to allow non-TLS incoming email from all but certain selected originating domains.

Is this possible? I know that it's simple to selectively enforce TLS on email going out from Postfix, but I'm talking about email coming in.


Solution 1:

Yes, you can - with a little engineering :)

Since you say you want to enforce TLS based on sender domain, you add a check_sender_access restriction to your smtpd_sender_restrictions, like so:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/enforced_tls

and in /etc/postfix/enforced_tls:

@example.org   reject_plaintext_session
@example.net   reject_plaintext_session

Don't forget to postmap the file, and reload postfix when you're done.

Solution 2:

/etc/postfix/enforced_tls must be in this format:

example.org   reject_plaintext_session
example.net   reject_plaintext_session

refer to http://www.postfix.org/access.5.html

Related

How to get iostat of a single process
Puppet file transfer slow
How can i enable byte range request?
How can I run a PowerShell function remotely?
Why ARP request is unicast?
uwsgi.ini configuration for python apps
How to determine who installed a program?
Nginx reverse cache 301 redirects (permanent)
how to undo an iptables rule that I did?
interpreting stickers on RAM
NTP Server with no connection to the internet
ADExplorer, how to search with "distinguishedName contains" condition?