
Thread: Enabling TLS between two Domains

  1. #1

    Enabling TLS between two Domains

    Hello,

    As per our requirement, is there any way to enable TLS between two particular domains for both inbound and outbound e-mails? Can a self-signed certificate be generated for TLS and used, or do we need to purchase a TLS certificate from a provider and install it?

    The Server is already in production without TLS. Request your valuable inputs.

    Thanks
    Arun

  2. #2

    Originally posted by arun.cme:
        Hello,

        As per our requirement, is there any way to enable TLS between two particular domains for both inbound and outbound e-mails? Can a self-signed certificate be generated for TLS and used, or do we need to purchase a TLS certificate from a provider and install it?

        The Server is already in production without TLS. Request your valuable inputs.

    Self-signed certs will do, but users will get a warning. What do you mean by enabling TLS between two domains here?

  3. #3

    Hi,

    Here is my config:

    Code:
    su - zimbra

    # Create the per-destination TLS policy table (lines starting with "#" are inactive examples)
    touch /opt/zimbra/conf/zimbra_tls_policy.cf
    echo "#domain1.com        encrypt  protocols=SSLv3:TLSv1" >> /opt/zimbra/conf/zimbra_tls_policy.cf
    echo "#domain2.com        encrypt  protocols=SSLv3:TLSv1 ciphers=high" >> /opt/zimbra/conf/zimbra_tls_policy.cf
    echo "#domain3.com        may" >> /opt/zimbra/conf/zimbra_tls_policy.cf
    echo "somebank.com        encrypt  protocols=SSLv3:TLSv1 ciphers=high" >> /opt/zimbra/conf/zimbra_tls_policy.cf

    # Build the hash lookup table (zimbra_tls_policy.cf.db) from the text file
    /opt/zimbra/postfix/sbin/postmap /opt/zimbra/conf/zimbra_tls_policy.cf

    # Edit the file /opt/zimbra/conf/zmmta.cf:
    # find the line "SECTION mta DEPENDS amavis" and, at the end of that section, before "RESTART mta", add these lines
        POSTCONF smtp_tls_security_level        LOCAL postfix_smtp_tls_security_level
        POSTCONF smtp_tls_policy_maps           LOCAL postfix_smtp_tls_policy_maps
        POSTCONF smtp_tls_note_starttls_offer   LOCAL postfix_smtp_tls_note_starttls_offer

    # Set the local config keys that the POSTCONF lines above read
    zmlocalconfig -e postfix_smtp_tls_security_level=may
    zmlocalconfig -e postfix_smtp_tls_policy_maps=hash:/opt/zimbra/conf/zimbra_tls_policy.cf
    zmlocalconfig -e postfix_smtp_tls_note_starttls_offer=yes

    # Restart the MTA so the new settings take effect
    zmmtactl restart

    This configuration makes the Zimbra server first try to establish a TLS connection and, if that succeeds, send the mail.

  4. #4

    I want only a group of users to have TLS authentication, not all users; or only mail sent to and received from a particular recipient domain should have TLS, not all domains.

  5. #5

    I think for a group of users it will be necessary to register a feature request.

    For me it's enough to force TLS connections with some domains, like banks, for secure mail transfers.

    It's up to you to use it or add some solution by yourself.

  6. #6

    I mean, is there any possibility, that is what I am referring to. I can use the same, no issues. But one more query: can sending and receiving to a particular recipient domain have TLS, or, if TLS is enabled, will it work for all recipient domains?

  7. #7

    This config works only for the specified domain you try to send mail to. E.g., if all users send to somebank.com, it always first tries to establish a TLS connection for this domain.
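
The following is an added example, not code from any poster in this thread: a shell function that reads a policy file in the format used in post #3 and reports, for each active entry, whether delivery can fall back to cleartext and whether SSLv2/SSLv3 is allowed. It goes beyond the thread's `may` and `encrypt` levels to the other levels Postfix documents; the sample file is constructed, `partner.example` is a made-up domain, and one entry per line (no continuation lines) is assumed.

```shell
#!/bin/sh
# Added example: audit a Postfix smtp_tls_policy_maps source file.
# Entry format: "destination level [attr=value ...]", one entry per line (assumption).

# Constructed sample modelled on the thread's file; partner.example is made up.
write_sample_policy() {
    cat > "$1" <<'EOF'
#domain1.com        encrypt  protocols=SSLv3:TLSv1
#domain3.com        may
somebank.com        encrypt  protocols=SSLv3:TLSv1 ciphers=high
partner.example     may
EOF
}

# Print "destination<TAB>level<TAB>verdict" for every active entry in file $1.
audit_tls_policy() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # postmap ignores comments and blank lines
    {
        dest = $1; level = $2; protos = ""
        for (i = 3; i <= NF; i++)
            if ($i ~ /^protocols=/) protos = substr($i, 11)
        if (level == "none")         verdict = "WARN: TLS disabled"
        else if (level == "may")     verdict = "WARN: opportunistic, cleartext fallback"
        else if (level == "encrypt") verdict = "NOTE: encrypted, certificate not verified"
        else if (level == "dane")    verdict = "NOTE: authenticated only if TLSA records exist"
        else if (level ~ /^(dane-only|fingerprint|verify|secure)$/)
                                     verdict = "OK: encrypted and authenticated"
        else                         verdict = "ERROR: unknown level"
        # Flag protocol lists that explicitly include the obsolete SSL versions.
        n = split(protos, p, ":")
        for (i = 1; i <= n; i++)
            if (p[i] == "SSLv2" || p[i] == "SSLv3")
                verdict = verdict "; WARN: allows " p[i]
        printf "%s\t%s\t%s\n", dest, level, verdict
    }' "$1"
}

# Run the audit on the constructed sample.
policy=$(mktemp)
write_sample_policy "$policy"
audit_tls_policy "$policy"
rm -f "$policy"
```

On the sample, only somebank.com and partner.example are reported, because lines starting with `#` are comments and never reach the lookup table.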
