Re: Lookup key of smtp_tls_policy_maps

2010-08-30 Thread martin f krafft
thus spoke Victor Duchovni [2010.08.30.1611 +0200]: > > Is it intentional then that the TLS policy map is searched for > > the nexthop, if one is defined there? > > Yes. > > > Does it /also/ check the policy for the recipient domain? > > No. TLS policy is by nexthop. TLS is a hop-by-hop secur

Re: Lookup key of smtp_tls_policy_maps

2010-08-30 Thread Victor Duchovni
On Sat, Aug 28, 2010 at 07:00:58PM +0200, martin f krafft wrote: > > The Postfix TLS security policy is based on where the mail is going > > (its destination domain or administratively defined gateway). > > With "administratively defined gateway", you mean an entry in > transport_maps? Yes. This

Re: Lookup key of smtp_tls_policy_maps

2010-08-28 Thread martin f krafft
thus spoke Victor Duchovni [2010.08.27.1946 +0200]: > The recipient's domain *is* the nexthop destination. Don't confuse > with the *nexthop* that is the input to DNS MX lookups with the > output of the DNS lookup which returns hostnames. Okay, thanks for clearing that up, and thanks for your e

Re: Lookup key of smtp_tls_policy_maps

2010-08-27 Thread Victor Duchovni
On Fri, Aug 27, 2010 at 06:49:49PM +0200, martin f krafft wrote: > I found that smtp_tls_policy_maps is not necessarily indexed by the > "next-hop destination": in cases when there is no explicit next-hop > defined in $transport_maps or $relayhost (and hence DNS would be > asked for the MXs), the

Lookup key of smtp_tls_policy_maps

2010-08-27 Thread martin f krafft
Dear list, I would be grateful for some input and confirmation about how smtp_tls_policy_maps works. The documentation is a bit obscure on the matter, and the results of my experimentation aren't perfectly clear to me. I found that smtp_tls_policy_maps is not necessarily indexed by the "next-hop