[pmg-devel] [PATCH v2 pmg-docs 4/4] pmgconfig: Explain new TLS inbound domains configuration
Christoph Heiss
c.heiss at proxmox.com
Mon Mar 20 11:35:48 CET 2023
Signed-off-by: Christoph Heiss <c.heiss at proxmox.com>
---
Changes v1 -> v2:
* Rename 'TLS inbound policy' to 'TLS inbound domains'
* Add link to postconf(5) section for `reject_plaintext_session`
pmgconfig.adoc | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/pmgconfig.adoc b/pmgconfig.adoc
index fea26db..9a57d06 100644
--- a/pmgconfig.adoc
+++ b/pmgconfig.adoc
@@ -97,6 +97,10 @@ Stores your subscription key and status.
TLS policy for outbound connections.
+`/etc/pmg/tls_inbound_domains`::
+
+Sender domains for which TLS is enforced on inbound connections.
+
`/etc/pmg/transports`::
Message delivery transport setup.
@@ -495,6 +499,13 @@ This can be used if you need to prevent email delivery without
encryption, or to work around a broken 'STARTTLS' ESMTP implementation. See
{postfix_tls_readme} for details on the supported policies.
+Additionally, TLS can also be enforced on incoming connections for specific
+sender domains by creating a TLS inbound domains entry. Mails with matching
+domains must use a encrypted SMTP session, otherwise they are rejected. All
+domains on this list have the
+https://www.postfix.org/postconf.5.html#reject_plaintext_session[`reject_plaintext_session`]
+postfix parameter set.
+
Enable TLS logging::
To get additional information about SMTP TLS activity, you can enable
--
2.39.2
More information about the pmg-devel
mailing list