pmgconfig: Explain new TLS inbound domains configuration

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
 [ S.I.: mention that the setting is only on the external port ]
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Christoph Heiss 2023-03-20 11:35:48 +01:00 committed by Stoiko Ivanov
parent 5c1c286c9c
commit 374bcb5f49

@ -97,6 +97,10 @@ Stores your subscription key and status.
TLS policy for outbound connections. TLS policy for outbound connections.
`/etc/pmg/tls_inbound_domains`::
Sender domains for which TLS is enforced on inbound connections.
`/etc/pmg/transports`:: `/etc/pmg/transports`::
Message delivery transport setup. Message delivery transport setup.
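Review bot: The new `/etc/pmg/tls_inbound_domains` entry in the file list says "Sender domains for which TLS is enforced on inbound connections" but omits the restriction to the external port that the longer paragraph added later in this patch states. Suggest "Sender domains for which TLS is enforced on inbound connections on the external port", so that an admin who reads only the file list does not assume the internal port is covered as well.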
@ -495,6 +499,13 @@ This can be used if you need to prevent email delivery without
encryption, or to work around a broken 'STARTTLS' ESMTP implementation. See encryption, or to work around a broken 'STARTTLS' ESMTP implementation. See
{postfix_tls_readme} for details on the supported policies. {postfix_tls_readme} for details on the supported policies.
Additionally, TLS can also be enforced on incoming connections on the external
port for specific sender domains by creating a TLS inbound domains entry. Mails
with matching domains must use a encrypted SMTP session, otherwise they are
rejected. All domains on this list have and entry of
https://www.postfix.org/postconf.5.html#reject_plaintext_session[`reject_plaintext_session`]
in a `check_sender_access` table.
Enable TLS logging:: Enable TLS logging::
To get additional information about SMTP TLS activity, you can enable To get additional information about SMTP TLS activity, you can enable
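Review bot: Two typos in the added paragraph: "must use a encrypted SMTP session" should read "an encrypted", and "All domains on this list have and entry of" should read "have an entry of". In the same paragraph, "Mails with matching domains" leaves open which domain is compared; since the entries go into a `check_sender_access` table, the match is on the envelope sender (MAIL FROM) address, so "Mails with a matching sender domain" would be more precise and would agree with the "Sender domains" wording used in the file list entry.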