On Tue, Apr 13, 2010 at 06:38:06AM +0000, Franck MAHE wrote:
> How to force some remote smtp server not to use TLS? I found the way
> for me to use the clear communication to send emails to specific domains,
> but I'm not able to find a solution for my issue. Any clue?
http://www.postfix.org/postconf.5.html#smtp_discard_ehlo_keyword_address_maps
main.cf:
smtp_discard_ehlo_keyword_address_maps =
cidr:${config_directory}/ehlo_maps.cidr
ehlo_maps.cidr
192.0.2.1 STARTTLS
If their sender IPs are not stable or predictable enough, it is their
problem to fix, the Postfix TLS implementation is robust.
If you want to understand why the problem is happening, you need to
capture a full SMTP session (complete packet capture not just headers)
and use wireshark or similar to analyze the SSL handshake. Or upload
the binary packet PCAP file (filter out just one complete TCP session from
SYN to FIN) somewhere and post the URL.
--
Viktor.
P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.
