Re: Need help with smtp_tls_policy_maps settings.

Wietse Venema Fri, 18 Feb 2022 06:05:40 -0800

P.V.Anthony:
> On 18/2/22 00:13, Noel Jones wrote:
> 
> > The fix is to tell your postfix to not offer STARTTLS in the EHLO 
> > response, using smtpd_discard_ehlo_keyword_address_maps
> > http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps
> >  
> > 
> > 
> > something like:
> > 
> > # main.cf
> > smtpd_discard_ehlo_keyword_address_maps =
> >  ? cidr:/etc/postfix/discard_ehlo_keyword_map.cidr
> > 
> > # /etc/postfix/discard_ehlo_keyword_map.cidr
> > 216.109.104.12? starttls
> > 
> >  ? -- Noel Jones
> 
> I am reporting back to say it works well.
> 
> One more question. In the maps file is it possible to use a hostname 
> instead of an ip address?


No, we want this to be RELIABLE. Specify a net/masl form
to exclude a rangeof IP addresses.

        Wietse

Re: Need help with smtp_tls_policy_maps settings.

Reply via email to