Jerry:
> /etc/postfix/tls_policy:
>     example.com               may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
> </quote>
> 
> I did screw it up, I left out the "v" in the "TLSv1.2" protocol name.
> However, even changing that did not make any difference.

This confirms that Postfix never found the entry in your SMTP TLS
policy table (otherwise it would have complained about "TLS1.2").

> >    smtp_tls_protocols = !SSLv2,!TLSv1.2
> >    smtp_tls_mandatory_protocols = !SSLv2,!TLSv1.2
> 
> This works fine for me. I fail to understand why the policy map fails
> however.

I used both main.cf and SMTP TLS policy table settings. 

However, the SMTP TLS policy table "lookup key" field needs to match
the "next-hop" destination that is given to the Postfix SMTP client.

If you override the destination with transport maps, per-sender
relayhost, etc., then the "lookup key" field needs to match the
override.

        Wietse
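
The lookup rule described in the message above, modelled in Python as an added example (not part of the original post and not Postfix code). The relay `[relay.example.net]:587` and all function names are assumptions; the parent-domain fallback goes beyond the case in the message and follows Postfix's documented handling of bare-domain next-hops.

```python
# Added illustration: models which SMTP TLS policy table entry matches a given
# next-hop. Table contents and the relay name are constructed samples.

POLICY = "example.com    may protocols=!SSLv2:!TLSv1.1:!TLSv1.2\n"
RELAY = "[relay.example.net]:587"  # hypothetical transport/relayhost override

def parse_policy(text):
    """Parse 'lookup-key  policy...' lines into a dict, skipping comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        table[parts[0]] = parts[1] if len(parts) > 1 else ""
    return table

def next_hop(recipient_domain, override=None):
    """Next-hop given to the SMTP client: the override (transport map,
    per-sender relayhost, ...) when one applies, else the recipient domain."""
    return override if override else recipient_domain

def lookup_policy(table, nexthop):
    """Return (key, policy) for the matching entry, or None.
    The verbatim next-hop is tried first. Only a bare domain (no [] and no
    :port) then falls back to parent domains written with a leading dot."""
    if nexthop in table:
        return nexthop, table[nexthop]
    if nexthop.startswith("[") or ":" in nexthop:
        return None
    labels = nexthop.split(".")
    for i in range(1, len(labels)):
        parent = "." + ".".join(labels[i:])
        if parent in table:
            return parent, table[parent]
    return None

if __name__ == "__main__":
    table = parse_policy(POLICY)
    for hop in (next_hop("example.com"), next_hop("example.com", RELAY)):
        print(f"{hop!r:30} -> {lookup_policy(table, hop)}")
```

With the override in place the `example.com` entry is never consulted, which is the symptom in this thread; the entry has to be keyed by the override string itself. On a live system, `postmap -q` with the next-hop as the key and the table's own `type:path` runs the exact-key query against the real table.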
