Do not enforce TLS on the default SMTP port, related to #45

master
Pierre Jaury 8 years ago
parent e3e9012183
commit a6ab917aea

@ -27,9 +27,9 @@ relayhost = {{ RELAYHOST }}
############### ###############
# Only one key/certificate pair is used, SNI not being supported by all # Only one key/certificate pair is used, SNI not being supported by all
# services and not a strong requirement. # services and not a strong requirement. Also, TLS is enforced for submission
smtpd_use_tls = yes # and smtps in master.cf.
smtpd_tls_security_level = encrypt smtpd_tls_security_level = may
smtpd_tls_cert_file=/certs/cert.pem smtpd_tls_cert_file=/certs/cert.pem
smtpd_tls_key_file=/certs/key.pem smtpd_tls_key_file=/certs/key.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

@ -4,11 +4,11 @@
# Exposed SMTP services # Exposed SMTP services
smtp inet n - n - - smtpd smtp inet n - n - - smtpd
submission inet n - n - - smtpd submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - n - - smtpd smtps inet n - n - - smtpd
-o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Loading…
Cancel
Save