From 20e879adfa3f2e467e8364ef2623e979bed9a629 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Fri, 5 Jan 2018 11:34:01 +0100 Subject: [PATCH] pmgconfig.adoc: add TLS docu --- pmgconfig.adoc | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/pmgconfig.adoc b/pmgconfig.adoc index 04229a2..bc4dc03 100644 --- a/pmgconfig.adoc +++ b/pmgconfig.adoc @@ -303,7 +303,11 @@ ifndef::manvolnum[] image::images/screenshot/pmg-gui-mailproxy-networks.png[] endif::manvolnum[] -TODO +You can add additional internal (trusted) IP networks or hosts. +All hosts in this list are allowed to relay. + +NOTE: Hosts in the same subnet with Proxmox can relay by default and +it’s not needed to add them in this list. TLS @@ -313,6 +317,28 @@ ifndef::manvolnum[] image::images/screenshot/pmg-gui-mailproxy-tls.png[] endif::manvolnum[] +Transport Layer Security (TLS) provides certificate-based +authentication and encrypted sessions. An encrypted session protects +the information that is transmitted with SMTP mail. When you activate +TLS, {pmg} automatically generates a new self signed +certificate for you (`/etc/pmg/pmg-tls.pem`). + +{pmg} uses opportunistic TLS encryption. The SMTP transaction is +encrypted if the 'STARTTLS' ESMTP feature is supported by the remote +server. Otherwise, messages are sent in the clear. + +Enable TLS logging:: + +To get additional information about SMTP TLS activity you can enable +TLS logging. That way information about TLS sessions and used +certificate’s is logged via syslog. + +Add TLS received header:: + +Set this option to include information about the protocol and cipher +used as well as the client and issuer CommonName into the "Received:" +message header. + Those settings are saved to subsection 'mail' in `/etc/pmg/pmg.conf`, using the following configuration keys:
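Review bot: in the first hunk (@@ -303,7 +303,11 @@), the NOTE names the product as "Proxmox" while the TLS text added by this same patch uses the `{pmg}` attribute; use `{pmg}` here as well. The sentence also reads awkwardly; suggest "NOTE: Hosts in the same subnet as {pmg} can relay by default, so they do not need to be added to this list." Because "All hosts in this list are allowed to relay", the paragraph should also state which entry formats the list accepts (single host address, network with prefix length), so that administrators can keep each entry as narrow as possible. If the original sentence is kept, the typographic apostrophe in "it’s" should be a plain ASCII one.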
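Review bot: in the second hunk (@@ -313,6 +317,28 @@), the first paragraph says TLS "provides certificate-based authentication" and then that a "new self signed certificate" is generated. A self-signed certificate gives an encrypted session, but a remote peer cannot verify it unless it is trusted out of band, so the text should say so and state whether `/etc/pmg/pmg-tls.pem` can be replaced by a certificate issued by a CA. The opportunistic TLS paragraph ends with "Otherwise, messages are sent in the clear"; it should add that this fallback happens without any error, so opportunistic mode does not guarantee that a given message was encrypted, and that the "Enable TLS logging" option described just below is the way to check. Spelling: "self signed" should be "self-signed", and "used certificate’s" should be "the certificates used".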