Hi, we have enforced TLS to all remote sites and have an appropriate TLS policy server that checks if TLS is available before accepting mails. That works as expected. We also only accept users with auth.

    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
    smtpd_recipient_restrictions = check_policy_service unix:private/policy

The policy server returns dunno or defer...

Now the problem: for some destinations, we are aware that TLS fails, so we skip checking and set a "may" policy for specific users/destinations. However, this setting seems to have no effect anymore when we enable check_policy_service.

master.cf (snippet):

    finance unix - - n - - smtp
        smtp_tls_policy_maps=hash:/etc/postfix/tls/finance

tls/finance:

    remote-site.de may

The policy server responds with defer... and the custom smtp_tls_policy_maps are ignored.

How to work around this?

Thank you.
Stefan