×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Improving link security based on host relations

Improving link security based on host relations

Improving link security based on host relations

(OP)
Dear forum,

I'd like to improve link security on certain SMTP links using available and well known TLS security levels (may, encrypt, dane, fingerprint etc.).

I do this on some domains for years now.

Now I'm at a point to try do do this on certain mass domain hosting SMTP links, which means hundreds of thousands of domains using the same MX peer(s).

Unfortunately any lookup table you can create within Postfix is only using the domain or whole e-mail address as key. Even the transport table, which comes to mind first on thinking about securing certain links, uses domain names as the lookup key. AFAIK there's no host name or IP based lookup table in Postfix (yet).

Is there any way around this without building crazy gigantic domain name databases? The majority of them I don't know in advance anyways, so that would mean to pick domain by domain as they come in. Over years.

It might be a good idea to have a host (IP and/or hostname) based lookup table option in Postfix, since declaring a certain security level on any given SMTP link seems to be good enough security-wise, after we've already trusted a (possibly weak) MX lookup for a specific domain in the first place.

Maybe I missed a method, any help appreciated.

Manuel

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close