On Tue, Aug 22, 2017, at 09:00 AM, Viktor Dukhovni wrote: > The global security level set via "smtp_tls_security_level" is > optionally preƫmpted by the per-destination policy table (which > can also override selected additional TLS settings).
Yeah I see the option to set the additional TLS params. That's exactly what I'm looking for. > > In other words, the DEFAULT policy will =may, and will be OVERRIDDEN by > > matches in tls_policy_outbound? > > Yes. Perfect. Thanks. For *INBOUND*, either @ postscreen or @ the after-postscreen smtpd handoff I can set -o postscreen_tls_security_level=<setting> or -o smtpd_tls_security_level=<setting> respectively. Is there an inbound per-domain TLS policy map? I looked for both smtpd_tls_policy_maps postscreen_tls_policy_maps but didn't see anything in the docs. Are they named differently, or not available because of the way the handshake happens?
