    Hey all!

    Well...I've roasted my brain trying to come up with a
    good solution for's what I'm hoping to

    TLS encrypted server to server email for those that
    support the STARTTLS command.
    Normal SMTP server to server email for those that
    don't support STARTTLS.
    Content filtering after decryption.
    Control of who we receive encrypted email from.

    Here's what I've done so far:

    Postfix + TLS patch:
    This works well, however at this time there are no
    inbound controls for it..once it's on it's on for
    everyone (at least that's how it worked for me). Also,
    all content filtering was nuked...which makes sense as
    it IS encrypted after all ;). I guess a side question
    would be at what point in the process are things
    decrypted and is there any way to set up
    anomy/spamassassin combo to run the checks AFTER
    decryption? Without at least being able to control who
    I can receive encrypted email from OR content filter
    after decryption, I'm sunk.

    Stunnel works ok except I think I'm using it
    wrong...I've got it set up to listen at port 25 and
    forward to 465 that postfix is listening on. Stunnel
    accepts and ONLY accepts encrypted email and that's
    it. I'm needing a solution as above that will
    negotiate whether or not STARTTLS is going on both
    sides and if not continue on with normal SMTP traffic.
     Something tells me Stunnel is supposed to be used to
    set up SMTPS...but not TLS?

    That's it so far...I'm kind of stumped as to where
    else to go. I like the idea of stunnel as a proxy
    that sits in front..that way when an email hits
    postfix's smtpd it's already unencrypted...

    Any thoughts people? Thanks!
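
The fallback the post asks for (TLS where the peer supports STARTTLS, normal SMTP otherwise) is decided in-band from the peer's EHLO reply on port 25, unlike the encrypted-only listener the post observes with stunnel. The sketch below is an added example, not part of the original post: it parses a multi-line EHLO reply and picks a transport. The sample replies are constructed, and `choose_transport` and its `require_tls` per-peer flag are hypothetical names.

```python
import re

# Constructed EHLO replies for illustration (not captured from real servers).
EHLO_WITH_TLS = ("250-mail.example.org\r\n250-PIPELINING\r\n"
                 "250-STARTTLS\r\n250 8BITMIME\r\n")
EHLO_PLAIN = "250-legacy.example.net\r\n250-PIPELINING\r\n250 8BITMIME\r\n"

# "250-text" continues a reply, "250 text" ends it.
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Parse a multi-line SMTP reply into (code, {KEYWORD: [params]})."""
    code, texts, final = None, [], False
    for line in filter(None, reply.split("\r\n")):
        m = _REPLY_LINE.match(line)
        # Reject data after the final line, junk lines and mixed reply codes.
        if final or not m or (code and m.group(1) != code):
            raise ValueError("malformed SMTP reply: %r" % line)
        code, final = m.group(1), m.group(2) == " "
        texts.append(m.group(3))
    if not final:
        raise ValueError("reply has no terminating line")
    extensions = {}
    for text in texts[1:]:  # the first line is the server's greeting/domain
        words = text.split()
        if words:
            extensions[words[0].upper()] = words[1:]
    return code, extensions


def choose_transport(reply, require_tls=False):
    """Return 'starttls', 'plaintext' or 'refuse' for one peer.

    require_tls is a hypothetical per-peer policy flag: when set, a peer
    that does not advertise STARTTLS is refused instead of downgraded.
    """
    code, extensions = parse_ehlo(reply)
    if code != "250":
        return "refuse"
    if "STARTTLS" in extensions:
        return "starttls"
    return "refuse" if require_tls else "plaintext"


if __name__ == "__main__":
    for sample in (EHLO_WITH_TLS, EHLO_PLAIN):
        print(choose_transport(sample), choose_transport(sample, True))
```

Because the STARTTLS keyword travels in cleartext before any encryption starts, the plaintext fallback can be forced by anyone able to alter the reply in transit; the `require_tls` branch is what closes that gap for peers known to support TLS.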


