Re: TLS with openssl-1.0.1a not working with hotmail
- On Tue, 24 Apr 2012 12:51:16 -0400 (EDT)
Wietse Venema articulated:
>Jerry:Thanks Wietse. It took me a while before I realized that I had to use:
>> example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
>> I did screw it up, I left out the "v"in the "TLSv1.2" protocol name.
>> However, even changing that did not make any difference.
>This confirms that Postfix never found the entry in your SMTP TLS
>policy table (otherwise it would have complained about "TLS1.2").
>> > smtp_tls_protocols = !SSLv2,!TLSv1.2
>> > smtp_tls_mandatory_protocols = !SSLv2,!TLSv1.2
>> This works fine for me. I fail to understand why the policy map fails
>I used both main.cf and SMTP TLS policy table settings.
>However, the SMTP TLS policy table "lookup key" field needs to match
>the "next-hop" destination that is given to the Postfix SMTP client.
>If you override the destination with transport maps, per-sender
>relayhost, etc., then the "lookup key" field needs to match the
[smtp.live.com] as the key in the "tls_policy" file in order to get it
to work. I was not using the "[ ]" brackets and it therefore was not
working correctly. That also explains why I never received a warning
message since the key was never found.
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html