On Tue, 24 Apr 2012 12:51:16 -0400 (EDT)
Wietse Venema articulated:

>Jerry:
>> /etc/postfix/tls_policy:
>>     example.com              may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
>> </quote>
>> 
>> I did screw it up, I left out the "v" in the "TLSv1.2" protocol name.
>> However, even changing that did not make any difference.
>
>This confirms that Postfix never found the entry in your SMTP TLS
>policy table (otherwise it would have complained about "TLS1.2").
>
>> >    smtp_tls_protocols = !SSLv2,!TLSv1.2
>> >    smtp_tls_mandatory_protocols = !SSLv2,!TLSv1.2
>> 
>> This works fine for me. I fail to understand why the policy map fails
>> however.
>
>I used both main.cf and SMTP TLS policy table settings. 
>
>However, the SMTP TLS policy table "lookup key" field needs to match
>the "next-hop" destination that is given to the Postfix SMTP client.
>
>If you override the destination with transport maps, per-sender
>relayhost, etc., then the "lookup key" field needs to match the
>override.

Thanks Wietse. It took me a while before I realized that I had to use:
[smtp.live.com] as the key in the "tls_policy" file in order to get it
to work. I was not using the "[ ]" brackets and it therefore was not
working correctly. That also explains why I never received a warning
message since the key was never found.

-- 
Jerry ✌
postfix-u...@seibercom.net
_____________________________________________________________________
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
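
The silent mismatch resolved in this thread, as an added example that is not part of the original messages or of Postfix itself: a Python sketch that compares each tls_policy lookup key verbatim with the next-hop, as Wietse describes, and lists keys that name the same host but can never match. The table contents, the next-hop value and the function names are constructed for illustration, and only the verbatim comparison is modelled.

```python
import re

# Constructed sample table: the entry quoted in the thread plus an
# unbracketed key for the relay host. Not copied from a real system.
TLS_POLICY = """\
# /etc/postfix/tls_policy
example.com      may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
smtp.live.com    may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
"""

def parse_policy(text):
    """Return {lookup_key: policy} from Postfix table text."""
    table, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:   # continuation of the previous entry
            table[last] = (table[last] + " " + line.strip()).strip()
            continue
        parts = line.split(None, 1)
        last = parts[0]
        table[last] = parts[1].strip() if len(parts) > 1 else ""
    return table

def bare_host(dest):
    """Strip enclosing [] and a :port suffix, for near-miss detection only."""
    m = re.fullmatch(r"\[?([^\]\[:]+)\]?(?::\w+)?", dest)
    return (m.group(1) if m else dest).lower()

def check(next_hops, table):
    """Map each next-hop to (matched policy or None, keys that look right but never match)."""
    report = {}
    for hop in next_hops:
        policy = table.get(hop)          # verbatim comparison, brackets included
        near = [k for k in table if k != hop and bare_host(k) == bare_host(hop)]
        report[hop] = (policy, near)
    return report

if __name__ == "__main__":
    # Assumed next-hop, e.g. from a relayhost or transport map override.
    for hop, (policy, near) in check(["[smtp.live.com]"], parse_policy(TLS_POLICY)).items():
        if policy is None:
            print(f"{hop}: no policy entry matches; similar keys that are ignored: {near}")
        else:
            print(f"{hop}: {policy}")
```

A next-hop reported with no match and a non-empty near-miss list is the case from this thread: the restriction in the table is never applied and no warning is logged.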
