On Thu, Feb 03, 2022 at 08:48:23AM -0500, PGNet Dev wrote:
> i've a relay def'd in master.cf
>
> relay-test unix - - n - - smtp
>     ...
>     -o smtp_tls_policy_maps=${def_db_type}:${conf_dir}/test/relay_tls_policy

You can define multiple transports, each with its own "inet_protocols"
setting.

> entries in 'relay_tls_policy' take usual form, per
> http://www.postfix.org/TLS_README.html#client_tls_policy, e.g.
>
> [hostname.example.com]:25 secure match=hostname.example.com
> ...

Multiple transports can use the same policy table:

relay-test4 unix - - n - - smtp
    ...
    -o inet_protocols=ipv4
    -o smtp_tls_policy_maps=${def_db_type}:${conf_dir}/test/relay_tls_policy
relay-test6 unix - - n - - smtp
    ...
    -o inet_protocols=ipv6
    -o smtp_tls_policy_maps=${def_db_type}:${conf_dir}/test/relay_tls_policy

> for the relay, i can lockdown transport to a specific inet protocol,
>
>     -o inet_protocols=ipv4

And create as many similar transports as you see fit.

> but that applies to all hosts in the map
>
> i haven't found (yet) a doc'd example of spec'ing per-host inet_protocols in
> maps.

Well, the choice of IP address family is not a TLS policy.
The map you're looking for is the transport(5) table.

--
Viktor.
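
An added example, not part of the original thread: once a transport(5) table sends each destination to relay-test4 or relay-test6, this check confirms that every next hop it names still has an entry in the shared TLS policy table, since that table is keyed by next hop. The table contents and all domains other than hostname.example.com are constructed, and the lookup is simplified to an exact match on an explicit next hop.

```python
# Added example: table contents are constructed; relay-test4/relay-test6 are
# the two transports from the master.cf entries in the reply above.
TRANSPORT = """\
# transport(5) source: recipient domain -> transport:nexthop
v4only.example.com  relay-test4:[hostname.example.com]:25
v6only.example.net  relay-test6:[mx6.example.net]:25
other.example.org   relay-test4:[mx.example.org]:25
"""
TLS_POLICY = """\
[hostname.example.com]:25  secure match=hostname.example.com
[mx6.example.net]:25       secure
    match=mx6.example.net
"""


def parse_table(text):
    """Parse Postfix lookup-table source text into {key: value}."""
    table, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if line[0].isspace() and key is not None:
            table[key] += " " + line.strip()  # leading whitespace continues an entry
            continue
        parts = line.split(None, 1)
        key = parts[0]
        table[key] = parts[1].strip() if len(parts) > 1 else ""
    return table


def audit(transport_text, policy_text):
    """Return (domain, transport, nexthop, tls_level) per transport entry.

    tls_level is None when the nexthop has no policy entry; the transport's
    smtp_tls_security_level then applies instead of a per-destination policy.
    """
    policy = parse_table(policy_text)
    rows = []
    for domain, target in parse_table(transport_text).items():
        transport, _, nexthop = target.partition(":")
        attrs = policy.get(nexthop, "").split()
        rows.append((domain, transport, nexthop, attrs[0] if attrs else None))
    return rows


def unprotected(rows):
    """Domains whose nexthop is not held to the 'secure' level by the table."""
    return [domain for domain, _, _, level in rows if level != "secure"]
```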