Linux – How To Tell SendMail To Explicitly NOT Try TLS For A Domain

centosemaillinuxsendmailtls

CentOS 5.x | Sendmail

Hi Guys,

I have sendmail setup to perform opportunistic TLS but would like to never use TLS when sending to a specific domain. Is there an entry I can add to /etc/mail/access to tell the server not to use it (regardless of whether or not the receiving MTA advertises support)?

Best Answer

In the /etc/mail/access file, add the line:

Try_TLS:broken.server   NO

Related Solutions

Exim force TLS for specific destination domain

you can use the recipient ACL and use the encrypted condition, see here.

deny
    domains = secure.mail.org
    ! encrypted = *

EDIT

To force sending encrypted mail to some domains, you can create a "required tls" transport (specifying host_require_tls), and then create a router for the domains you want, e.g (untested):

begin router

tls_router:
    driver = accept
    domains = secure.mail.com
    transport = tls_smtp

begin transport

tls_smtp:
    driver = smtp
    hosts_require_tls = *

Sendmail SMART_HOST Not Working – Troubleshooting

Sendmail may be performing an MX lookup on the domain, which is not necessarily what you want. Enclose the hostname in square brackets to prevent this.

define(`SMART_HOST',`[foo.bar.com]')dnl

Best Answer

Related Solutions

Exim force TLS for specific destination domain

Sendmail SMART_HOST Not Working – Troubleshooting

Related Topic