Dear forum,
I'd like to improve link security on certain SMTP links using available and well-known TLS security levels (may, encrypt, dane, fingerprint etc.).
I have been doing this on some domains for years now.
Now I'm at a point where I want to try to do this on certain mass domain hosting SMTP links, which means hundreds of thousands of domains using the same MX peer(s).
Unfortunately any lookup table you can create within Postfix is only using the domain or whole e-mail address as key. Even the transport table, which comes to mind first when thinking about securing certain links, uses domain names as the lookup key. AFAIK there's no host name or IP based lookup table in Postfix (yet).
Is there any way around this without building crazy gigantic domain name databases? The majority of them I don't know in advance anyway, so that would mean picking domain by domain as they come in. Over years.
It might be a good idea to have a host (IP and/or hostname) based lookup table option in Postfix, since declaring a certain security level on any given SMTP link seems to be good enough security-wise, after we've already trusted a (possibly weak) MX lookup for a specific domain in the first place.
Maybe I missed a method, any help appreciated.
Manuel