Hello,

I have Postfix with TLS policy maps set up to send traffic via TLS to remote MTAs. I'm writing an application which should be able to determine if an email to a given domain will be sent through a TLS connection or not, just by reading the Postfix configuration. I thought that having a look in the smtp_tls_policy_maps will be enough, e.g.

"gmail.com encrypt"

This works for domains which are looked up via DNS MX. Now, since the gmail MTAs do not support TLS, I add the following transport mapping in transport_maps:

"gmail.com smtp.gmail.com:587"

Now the previous entry in smtp_tls_policy_maps does not work anymore and I have to add a new one:

"smtp.gmail.com:587 encrypt"

So if I want to determine if an email to gmail.com is supposed to be sent via TLS, the pseudo algorithm would be something like

IF "gmail.com" is *not* present in $transport_maps file
THEN look for "gmail.com" in smtp_tls_policy_maps
ELSE find the corresponding mapping for "gmail.com" in (in my example smtp.gmail.com:587) and look for the mapping in smtp_tls_policy_maps

Then simply look at the TLS policy mapping to see which level of TLS is used.

Is that correct?

Thanks for your help,
Jan
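
Added example, not part of the original post: a Python sketch of the lookup order described above, resolving a recipient domain to its next-hop and then to a TLS level. Assumptions: the sample tables are constructed, transport entries use the transport(5) `transport:nexthop` form, only exact-match domain keys are modelled (no parent-domain or address keys, no relayhost), and `default_level` stands for the `smtp_tls_security_level` value read from main.cf.

```python
# Levels at which the Postfix SMTP client will not deliver without TLS.
# "dane" is left out: it can fall back to opportunistic TLS.
MANDATORY = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_table(text):
    """Parse the source text of a Postfix lookup table into {key: value}."""
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        table[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return table

def next_hop(domain, transport):
    """Next-hop for a recipient domain: transport override, else the domain."""
    rhs = transport.get(domain.lower(), "")
    _, _, hop = rhs.partition(":")  # right-hand side is transport:nexthop
    return hop or domain.lower()

def tls_policy(domain, transport, policy, default_level):
    """Return (policy lookup key, TLS level, True if TLS is mandatory)."""
    key = next_hop(domain, transport)  # policy table is keyed by the next-hop
    entry = policy.get(key, "").split()
    level = entry[0] if entry else default_level
    return key, level, level in MANDATORY

# Constructed sample tables (assumptions, not taken from a real server).
TRANSPORT = parse_table("""
# recipient domain   transport:nexthop
gmail.com            smtp:smtp.gmail.com:587
example.net          smtp:[mx.example.net]
""")
POLICY = parse_table("""
gmail.com            may
smtp.gmail.com:587   encrypt
example.org          secure match=nexthop
[mx.example.net]     none
""")

if __name__ == "__main__":
    for d in ("gmail.com", "example.org", "example.net", "example.com"):
        print(d, tls_policy(d, TRANSPORT, POLICY, default_level="may"))
```

The `gmail.com may` policy entry is ignored once the transport override exists, because the lookup key becomes the verbatim next-hop `smtp.gmail.com:587`.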