Curtis Villamizar:
> What I'd like to do is set smtpd_tls_security_level back to "may" and
> then somehow set it to "none" if the EHLO domain is comcast.net (oops
> the secret is out).
> 
> I see we have smtp_tls_policy_maps, but no smtpd_tls_policy_maps.

Use this to suppress the STARTTLS announcement selectively:

http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps

/etc/postfix/main.cf:
    smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/ehlo-map.cidr

/etc/postfix/ehlo-map.cidr:
    # The provider here.
    192.168.1.0/24 starttls

Or make your TLS server settings more tolerant.

(there's an analogous smtp_discard_ehlo_keyword_address_maps feature
for outbound delivery problems).

        Wietse

Reply via email to