Curtis Villamizar:
> What I'd like to do is set smtpd_tls_security_level back to "may" and
> then somehow set it to "none" if the EHLO domain is comcast.net (oops
> the secret is out).
>
> I see we have smtp_tls_policy_maps, but no smtpd_tls_policy_maps.

Use this to suppress the STARTTLS announcement selectively:

http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps

/etc/postfix/main.cf:
    smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/ehlo-map.cidr

/etc/postfix/ehlo-map.cidr:
    # The provider here.
    192.168.1.0/24 starttls

Or make your TLS server settings more tolerant.

(there's an analogous smtp_discard_ehlo_keyword_address_maps
feature for outbound delivery problems).

    Wietse
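
An offline audit of such a map, added here as an example (not part of the original message and not Postfix code): it reports which client addresses would no longer be offered STARTTLS, and which entries are broader than a chosen prefix length. It assumes a simplified subset of the cidr table syntax (one "pattern result" pair per line, first match wins, IPv4); the function names, the /24 threshold and every sample entry except the first are constructed.

```python
import ipaddress

# Constructed sample: the first entry is the one from the message above,
# the other two are invented to exercise the audit.
SAMPLE_MAP = """\
# The provider here.
192.168.1.0/24 starttls
203.0.113.7    STARTTLS, pipelining
10.0.0.0/8     silent-discard starttls
"""

def parse_cidr_map(text):
    """Return [(network, {keywords})] in file order, skipping comments."""
    rules = []
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        # A bare address becomes a /32 network; keywords are case insensitive
        # and may be separated by commas or whitespace.
        network = ipaddress.ip_network(fields[0], strict=False)
        keywords = set(fields[1].replace(",", " ").lower().split())
        rules.append((network, keywords))
    return rules

def discarded_keywords(rules, client_ip):
    """EHLO keywords hidden from this client (first matching entry wins)."""
    address = ipaddress.ip_address(client_ip)
    for network, keywords in rules:
        if address in network:
            return keywords
    return set()

def starttls_hidden_for(rules, client_ip):
    """True if this client would be limited to a plaintext session."""
    return "starttls" in discarded_keywords(rules, client_ip)

def broad_starttls_rules(rules, min_prefix=24):
    """Entries that hide STARTTLS for a range wider than /min_prefix."""
    return [net for net, kw in rules
            if "starttls" in kw and net.prefixlen < min_prefix]

if __name__ == "__main__":
    rules = parse_cidr_map(SAMPLE_MAP)
    for ip in ("192.168.1.25", "203.0.113.7", "198.51.100.1"):
        print(ip, "STARTTLS hidden:", starttls_hidden_for(rules, ip))
    print("overly broad:", [str(n) for n in broad_starttls_rules(rules)])
```

On a live system, `postmap -q 192.168.1.25 cidr:/etc/postfix/ehlo-map.cidr` performs the real lookup for a single address.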