Hey all!
Well...I've roasted my brain trying to come up with a
good solution for this...here's what I'm hoping to
accomplish:
TLS encrypted server to server email for those that support the STARTTLS command.
Normal SMTP server to server email for those that don't support STARTTLS.
Content filtering after decryption.
Control of who we receive encrypted email from.
Here's what I've done so far:
Postfix + TLS patch:
This works well, however at this time there are no
inbound controls for it...once it's on, it's on for
everyone (at least that's how it worked for me). Also,
all content filtering was nuked...which makes sense as
it IS encrypted after all ;). I guess a side question
would be at what point in the process are things
decrypted and is there any way to set up an
anomy/spamassassin combo to run the checks AFTER
decryption? Without at least being able to control who
I can receive encrypted email from OR content filter
after decryption, I'm sunk.
Stunnel:
Stunnel works ok except I think I'm using it
wrong...I've got it set up to listen at port 25 and
forward to 465 that postfix is listening on. Stunnel
accepts and ONLY accepts encrypted email and that's
it. I'm needing a solution as above that will
negotiate whether or not STARTTLS is going on both
sides and if not continue on with normal SMTP traffic.
Something tells me Stunnel is supposed to be used to
set up SMTPS...but not TLS?
That's it so far...I'm kind of stumped as to where
else to go. I like the idea of stunnel as a proxy
that sits in front...that way when an email hits
postfix's smtpd it's already unencrypted...
Any thoughts people? Thanks!
James
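
An added example, not part of the post above and not Postfix or stunnel code: a toy SMTP receiver state machine showing the behaviour the post asks for, where STARTTLS (RFC 3207) is an optional command inside an ordinary port-25 session, offered only to allow-listed peers, and the content filter runs on the body after TLS has ended at the SMTP server. The allow-list, hostname, addresses and reply texts are constructed for illustration; no real sockets or TLS are used, and the MAIL FROM/RCPT TO envelope commands are omitted.

```python
# Added illustration: toy SMTP receiver logic, no real sockets or TLS.
# ALLOW_TLS_FROM, the hostname and the addresses are constructed values.
from ipaddress import ip_address, ip_network

ALLOW_TLS_FROM = [ip_network("192.0.2.0/24")]  # peers allowed to use STARTTLS


class Session:
    def __init__(self, client_ip, content_filter):
        self.client_ip = ip_address(client_ip)
        self.tls_active = False   # flips only after an in-band STARTTLS
        self.greeted = False
        self.content_filter = content_filter  # receives the decrypted body

    def tls_allowed(self):
        return any(self.client_ip in net for net in ALLOW_TLS_FROM)

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            self.greeted = True
            caps = ["250-mail.example.test", "250-PIPELINING"]
            # RFC 3207: STARTTLS is not offered again once TLS is active
            if self.tls_allowed() and not self.tls_active:
                caps.append("250-STARTTLS")
            return caps + ["250 8BITMIME"]
        if verb == "STARTTLS":
            if arg:
                return ["501 Syntax error (no parameters allowed)"]
            if not self.tls_allowed() or self.tls_active:
                return ["502 Command not implemented"]
            # A real server wraps the socket here; SMTP state starts over
            self.tls_active, self.greeted = True, False
            return ["220 Ready to start TLS"]
        if verb == "DATA":
            return ["354 Go ahead"] if self.greeted else ["503 Send EHLO first"]
        return ["500 Command unrecognized"]


def run(client_ip, commands, body, content_filter):
    """Replay constructed client commands; filter the body if DATA was accepted."""
    s = Session(client_ip, content_filter)
    replies = [s.handle(c) for c in commands]
    if not replies or not replies[-1][0].startswith("354"):
        return replies, None
    # TLS ended inside the SMTP server, so the filter sees plaintext either way
    return replies, {"tls": s.tls_active, "verdict": s.content_filter(body)}
```

A peer outside the allow-list never sees `250-STARTTLS` in the EHLO reply and simply continues in plaintext, while an allow-listed peer upgrades on the same port and must send EHLO again afterwards.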