Re: tls_policy_map, combination with transport_maps

Thu, 23 Oct 2014 07:28:18 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/23/2014 8:32 AM, Patrik Båt wrote:
> 
> Hello!
> 
> *main.cf config:* smtp_tls_policy_maps =
> hash:/etc/postfix/maps/tls_policy transport_maps       =
> proxy:mysql:/etc/postfix/mysql/relay-transport.cf
> 
> 
> *Postmap query:* postmap -q i...@testkund.domain.tld 
> mysql:/etc/postfix/mysql/relay-transport.cf 
> smtp:d748.dev-cust.domain.tld:6666

No brackets.

> 
> postmap -q [d748.dev-cust.domain.tld]:6666 
> hash:/etc/postfix/maps/tls_policy 
> [d748.dev-cust.domain.tld]:6666 none

brackets.

The entries don't match.



  -- Noel Jones


> 
> /"The TLS policy table is indexed by the full next-hop
> destination, which is either the recipient domain, or the
> verbatim next-hop specified in the transport table,
> $local_transport, $virtual_transport, $relay_transport or
> $default_transport. This includes any enclosing square brackets
> and any non-default destination server port suffix. The LMTP
> socket type prefix (inet: or unix:) is not included in the
> lookup key./" * **default setting is:* smtp_tls_CAfile =
> /etc/ssl/certs/ca-certificates.crt smtp_tls_loglevel = 1 
> smtp_tls_security_level = may smtp_tls_session_cache_database =
> btree:${data_directory}/smtp_scache smtp_tls_protocols =
> !SSLv2,!TLSv1.1,!TLSv1.2 smtp_tls_exclude_ciphers = 3DES:MD5 
> smtp_tls_policy_maps = hash:/etc/postfix/maps/tls_policy
> 
> 
> It isn't using the tls_policy_maps setting. I've must have
> done something wrong or totally misunderstood this.
> 
> This isn’t working as-well: testkund.domain.tld none (in 
> tls_policy_maps)
> 
> postfix              2.9.6-2         amd64 (on debian wheezy) 
> (tested 2.11.1 as-well)
> 
> Mailflow: 
> ORGINATING->SMTPD->AFTER-QUEUE-Amavisd-new->SMTPD:10030->SMTP->END
>
> 
(all in some instance( /etc/postfix))
> 
> And between (SMTP->END) I want to use the tls_policy_map.
> 
> I hope I’ve described the problem so you understands me :)
> 
> PS. no chroot what-so ever.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUSRBQAAoJEJGRUHb5Oh6gAzAIAIhVX40/yufZAShzQXO1hI15
eYaz3oXqEcVPTO/JojQGeXgZHsCwlmeyNOX4e8qtYtx0rHXpBhe7Vl52yDGPSOyU
/2ARYgiy128ycLW7UEeVCS7shdPaeJtv3S3EJ/FZzbJWL/tzruneiOr+QCmLAzJY
il8cznI+Mm6TApVK+F/6FN5gYeYohY6fIvLs2AMelmBCC9cu6si2Kr9N2dvtK5hH
TdWJjO0qBP0X7VUy9bkLG0tkDkf1hcZq9pjsHK3P80PQSiuIAYwKuJKmwiQ30uZH
VWgoKXZefEskylwdRkpitLt3pX4dT6gBvpr+QDvbJ00iYyFCH6JRI27i9n5IJgw=
=seIX
-----END PGP SIGNATURE-----

Reply via email to