Configuring Postfix to Enable Protector TLS Support for Explicit MTA
The Forcepoint DLP protector includes a Postfix release compiled with Transport Layer Security (TLS) support. Configure Postfix to enable TLS support. Although TLS is not officially supported, Postfix is available to allow for individual customer configurations.
This document provides a simple example TLS configuration for use as a test case and as a reference for future deployments.
The sample configuration is stored on the protector in the /etc/postfix/main.cf file. Every time the file is modified, reload Postfix using one of the following operations:
- With the “postfix reload” command
- With the “postfix-reconf” command
- By clicking Deploy in the Data Security module of the Forcepoint Security Manager
In the protector, Postfix serves as a store-and-forward proxy. This means that it functions as both a server (getting messages from the previous hop) and a client (delivering the non-blocked messages to the next hop).
Because previous and next hops may have different TLS requirements, settings for server and client modes are configured differently.