On 2014-10-23 16:27, Noel Jones wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10/23/2014 8:32 AM, Patrik Båt wrote:
>> Hello!
>>
>> *main.cf config:* smtp_tls_policy_maps =
>> hash:/etc/postfix/maps/tls_policy transport_maps =
>> proxy:mysql:/etc/postfix/mysql/relay-transport.cf
>>
>>
>> *Postmap query:* postmap -q i...@testkund.domain.tld
>> mysql:/etc/postfix/mysql/relay-transport.cf
>> smtp:d748.dev-cust.domain.tld:6666
> No brackets.
>
>> postmap -q [d748.dev-cust.domain.tld]:6666
>> hash:/etc/postfix/maps/tls_policy
>> [d748.dev-cust.domain.tld]:6666 none
> brackets.
>
> The entries don't match.
>
>
>
> -- Noel Jones
Oh, Thanks for the heads up! without [] it works.
Another question, if I do the lookup of transport in transport_maps, I
can't use the domain in tls_policy_map?
Have I understand that right?
>
>> /"The TLS policy table is indexed by the full next-hop
>> destination, which is either the recipient domain, or the
>> verbatim next-hop specified in the transport table,
>> $local_transport, $virtual_transport, $relay_transport or
>> $default_transport. This includes any enclosing square brackets
>> and any non-default destination server port suffix. The LMTP
>> socket type prefix (inet: or unix:) is not included in the
>> lookup key./" * **default setting is:* smtp_tls_CAfile =
>> /etc/ssl/certs/ca-certificates.crt smtp_tls_loglevel = 1
>> smtp_tls_security_level = may smtp_tls_session_cache_database =
>> btree:${data_directory}/smtp_scache smtp_tls_protocols =
>> !SSLv2,!TLSv1.1,!TLSv1.2 smtp_tls_exclude_ciphers = 3DES:MD5
>> smtp_tls_policy_maps = hash:/etc/postfix/maps/tls_policy
>>
>>
>> It isn't using the tls_policy_maps setting. I've must have
>> done something wrong or totally misunderstood this.
>>
>> This isn’t working as-well: testkund.domain.tld none (in
>> tls_policy_maps)
>>
>> postfix 2.9.6-2 amd64 (on debian wheezy)
>> (tested 2.11.1 as-well)
>>
>> Mailflow:
>> ORGINATING->SMTPD->AFTER-QUEUE-Amavisd-new->SMTPD:10030->SMTP->END
>>
>>
> (all in some instance( /etc/postfix))
>> And between (SMTP->END) I want to use the tls_policy_map.
>>
>> I hope I’ve described the problem so you understands me :)
>>
>> PS. no chroot what-so ever.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
>
> iQEcBAEBAgAGBQJUSRBQAAoJEJGRUHb5Oh6gAzAIAIhVX40/yufZAShzQXO1hI15
> eYaz3oXqEcVPTO/JojQGeXgZHsCwlmeyNOX4e8qtYtx0rHXpBhe7Vl52yDGPSOyU
> /2ARYgiy128ycLW7UEeVCS7shdPaeJtv3S3EJ/FZzbJWL/tzruneiOr+QCmLAzJY
> il8cznI+Mm6TApVK+F/6FN5gYeYohY6fIvLs2AMelmBCC9cu6si2Kr9N2dvtK5hH
> TdWJjO0qBP0X7VUy9bkLG0tkDkf1hcZq9pjsHK3P80PQSiuIAYwKuJKmwiQ30uZH
> VWgoKXZefEskylwdRkpitLt3pX4dT6gBvpr+QDvbJ00iYyFCH6JRI27i9n5IJgw=
> =seIX
> -----END PGP SIGNATURE-----
