On 2015-08-04 5:59 pm, Viktor Dukhovni wrote:
On Tue, Aug 04, 2015 at 05:04:20PM -0500, Brad Chandler wrote:
I would like to enforce smtp tls for a domain and all of it's
subdomains
except one. For example my tls_policy file would look something like
this:
.example.com encrypt
test.example.com may
Will this work?
Mostly. However, note that as written "foo.test.example.com" will
be subject to the "encrypt" policy and "example.com" will not.
Perhaps you want:
example.com encrypt
.example.com encrypt
test.example.com may
.test.example.com may
Is there a particular order the records should be in?
No, Postfix database files built via postmap(1) are indexed. Order
requirements depend on the database type, not content semantics.
pcre, regexp, cidr, ... are order dependent
hash, btree, cdb, ... are not
Thank you! That worked great.
