DevHeads.net

Postings by lists

Enforced inbound TLS ciphers

I'm enforcing inbound TLS from my internal network with these settings:

main.cf
smtpd_tls_security_level = may

smtpd_sender_restrictions =
check_client_access cidr:/etc/postfix/enforced_inbound_tls.cidr

enforced_inbound_tls.cidr
10.0.0.0/8 reject_plaintext_session

My question is, does the following setting in main.cf apply to tls
connections that are enforced with check_client_access? If yes, then is
there a way to set this to low for a particular IP or subnet, and leave
it to medium for everybody else?

smtpd_tls_mandatory_ciphers = low

Postscreen: whitelist domain

I have postscreen setup according to the how-to. I use the following
configuration for the access list. As I understand it, I can only add IP
addresses or ranges to this list. Is it possible to whitelist the domain
name in the from address?

postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr