On 29.04.2014 22:49, btb wrote:
> i have an msa, which requires encryption and smtp auth, save one sole
> exception - a client which [for now] cannot perform either, that i must
> explicitly trust based only on source ip address. to that end, i've
> allowed it to perform submission with check_client_access, but i'm left
> at odds with smtpd_tls_security_level = encrypt. i'd like to say
> "smtpd_tls_security_level = encrypt, with this exception". something
> akin to smtp_tls_policy_maps, but for smtpd?

* just setup another listener on port 588 in master.cf
* set "-o smtpd_tls_security_level=may" for that listener
* open that port only for specific clients with specific IPs
* tell the MSA to use 588 instead of 587

we are doing practically the same for customers which need larger rate
limits for valid reasons than we normally allow

P.S: be *very* careful with "check_client_access", avoid
access-restrictions ending with PERMIT whenever you can, they are easily
ending in an open relay by small mistakes
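
The listener layout described in the reply above, as an added master.cf sketch that is not part of the original message. The address 192.0.2.25, the syslog names and the use of a per-listener mynetworks override (instead of a check_client_access table) are assumptions; smtpd_relay_restrictions requires Postfix 2.10 or later.

```conf
# /etc/postfix/master.cf (fragment, constructed example)

# Regular MSA on 587: TLS and SASL auth stay mandatory for everyone.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# Exception listener on 588: TLS optional, no SASL.
# 192.0.2.25 is a placeholder for the single trusted client.
# Overriding mynetworks here keeps the trust list local to this
# listener, and every restriction list ends in "reject", so a
# mistake fails closed instead of opening a relay.
588        inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission-legacy
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=no
  -o mynetworks=192.0.2.25/32
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_relay_restrictions=permit_mynetworks,reject
```

Restricting port 588 to the same source address in the packet filter as well gives a second, independent control, and the separate syslog_name makes unencrypted submissions easy to pick out of the mail log.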