data encryption in communication between the local MTA and the Internet and still use the 'content filtering' methods. With MTA
Sendmail content filtering there is no problem with SMTP TLS support at all, as the Sendmail Milter does not rely
on SMTP communication and content filtering is done internally. Postfix, on the other hand, uses the SMTP
protocol for data communication between the content filter and the MTA. Therefore, once TLS is enabled in Postfix, the
content filtering method fails because the whole SMTP communication is encrypted. Fortunately, this can be solved at the
Postfix TLS configuration level. The situation is depicted in figure 7-1.
As shown in the figure above, once TLS is enabled, all SMTP communication channels, including SMTP
communication with the content filter, are affected. The only possibility in this case is to disable TLS support for
communication between client and server located within localhost. This can be achieved by adding the following line
to the main Postfix configuration file:
smtp_tls_per_site=hash:/etc/postfix/smtp_tls_per_site
In addition, you have to create the '/etc/postfix/smtp_tls_per_site' file with the following content:
localhost NONE
and build its hash table by entering the following command from the '/etc/postfix' directory:
postmap hash:smtp_tls_per_site
This command creates the '/etc/postfix/smtp_tls_per_site.db' file, which Postfix uses to enable
TLS on a per-site basis. Because TLS is disabled for localhost, content filtering can be used while
the SMTP communication between the local MTA and the Internet is encrypted.
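A check to run on the table before rebuilding it with postmap, given here as an added example that is not part of the original manual: it lists every entry that sets NONE for a destination other than the local host, since such an entry would turn off TLS for outbound Internet mail as well. The function names, the loopback key list and the sample table are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the manual): audit an smtp_tls_per_site table so that
# TLS is switched off only for the local content filter.

# Assumption: these keys are the only ones that refer to the local host.
LOOPBACK_KEYS="localhost localhost.localdomain 127.0.0.1 [127.0.0.1] [::1]"

# audit_tls_per_site FILE
# Prints each non-loopback key whose policy is NONE; returns 1 if any was found.
audit_tls_per_site() {
    awk -v allow="$LOOPBACK_KEYS" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*(#|$)/ { next }          # comments and blank lines
        /^[ \t]/       { next }          # continuation of the previous entry
        {
            key = tolower($1)
            policy = toupper($2)         # case-insensitive so "none" is not missed
            if (policy == "NONE" && !(key in ok)) { print key; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample table: the first entry is the one the manual asks for,
# the NONE entries below it would send Internet mail unencrypted.
sample_table() {
    cat <<'EOF'
# TLS policy per destination (constructed sample)
localhost        NONE
example.com      MAY
mail.example.net NONE
mx.example.org   none
EOF
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp)
sample_table > "$tmp"
audit_tls_per_site "$tmp" || echo "TLS is disabled for the non-local destinations listed above" >&2
rm -f "$tmp"
```

On a live system, call audit_tls_per_site with '/etc/postfix/smtp_tls_per_site' as its argument; no output and a zero exit status mean only local entries carry NONE.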
chapter 6 / Tips and Tricks