data encryption in communication between local MTA and Internet and still use the 'content filtering' methods. In MTA
Sendmail content filtering there is no problem with SMTP TLS support at all, as the Sendmail Milter does not rely
on the SMTP communication and content filtering is done internally. Postfix, on the other hand, uses the SMTP
protocol for data communication between the content filter and the MTA. Therefore, once TLS is enabled in Postfix, the
content filtering method fails because the whole SMTP communication is encrypted. Fortunately, this can be solved at the
Postfix TLS configuration level. The situation is depicted in figure 7-1.
As shown in the figure, once TLS is enabled, all the SMTP communication channels, including the SMTP
communication with the content filter, are affected. The only possibility in this case is to disable TLS support for
communication between client and server located within localhost. This can be achieved by adding the following line
to the main Postfix configuration file:
smtp_tls_per_site = hash:/etc/postfix/smtp_tls_per_site
In addition, you have to create the '/etc/postfix/smtp_tls_per_site' file with the following content:
localhost NONE
and build its hash table by entering the following command from the '/etc/postfix' directory:
postmap hash:smtp_tls_per_site
The above command creates the '/etc/postfix/smtp_tls_per_site.db' file, which Postfix uses to enable
TLS on a per-site basis. Since we have disabled TLS for localhost, content filtering can be used and at the same time
the SMTP communication between local MTA and Internet is encrypted.
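A small check for the table described above, as an added example that is not part of the original manual: it parses the text source of smtp_tls_per_site and reports a missing or invalid policy value, a NONE policy for anything other than the local filter hop, and a missing localhost exemption. The loopback name list and the sample tables are assumptions constructed for illustration.

```python
"""Audit the text source of a Postfix smtp_tls_per_site table (added example)."""

# Policy values accepted by smtp_tls_per_site.
VALID = {"NONE", "MAY", "MUST", "MUST_NOPEERMATCH"}
# Assumption: names that refer to the local content-filter hop.
LOOPBACK = {"localhost", "localhost.localdomain", "127.0.0.1", "[127.0.0.1]"}

# Constructed sample tables, not taken from a real server.
GOOD = "# filter hop only\nlocalhost NONE\n"
BAD = "# key without value, and a remote site with TLS off\nlocalhost\nmail.example.com NONE\n"


def parse_table(text):
    """Return (key, value) pairs from postmap source text.

    Blank lines and '#' comment lines are skipped; a line that starts
    with whitespace continues the previous logical line.
    """
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    pairs = []
    for line in logical:
        parts = line.split(None, 1)
        pairs.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return pairs


def audit(text):
    """Return a list of findings; an empty list means the table looks as intended."""
    findings, policy = [], {}
    for key, value in parse_table(text):
        if value.upper() not in VALID:
            findings.append(f"{key}: invalid or missing policy {value!r}")
            continue
        policy[key] = value.upper()
        if policy[key] == "NONE" and key not in LOOPBACK:
            findings.append(f"{key}: TLS disabled for a non-loopback destination")
    if policy.get("localhost") != "NONE":
        findings.append("localhost: no NONE entry, content filter hop is not exempted")
    return findings


if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(table) or "ok")
```

Run it against the text file before running postmap, so that a malformed entry or an unintended TLS exemption is caught before the .db file is rebuilt.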
chapter 6 / Tips and Tricks