Loading ...
Sorry, an error occurred while loading the content.
 

Re: smtp_tls_security_level = may combined wit smtp_tls_policy_maps.

Expand Messages
  • Wietse Venema
    ... As a general rule, per-destination SMTP/TLS policy lookup results override main.cf (and master.cf) settings. You enable smtp_tls_policy_maps lookups by
    Message 1 of 6 , Mar 15, 2013
      Robert Schetterer:
      > Hi,
      >
      > if i use
      >
      > smtp_tls_security_level = may
      >
      > is
      >
      > smtp_tls_policy_maps honored ?

      As a general rule, per-destination SMTP/TLS policy lookup results
      override main.cf (and master.cf) settings.

      You enable smtp_tls_policy_maps lookups by specifying a non-empty
      value (there appears to be no other way to turn this off).

      Wietse
    • Robert Schetterer
      ... Hi Wietse, i set smtp_tls_security_level = may and smtp_tls_policy_maps = hash:/etc/postfix/tls_policy with /etc/postfix/tls_policy example.com encrypt so
      Message 2 of 6 , Mar 15, 2013
        Am 15.03.2013 13:11, schrieb Wietse Venema:
        > Robert Schetterer:
        >> Hi,
        >>
        >> if i use
        >>
        >> smtp_tls_security_level = may
        >>
        >> is
        >>
        >> smtp_tls_policy_maps honored ?
        >
        > As a general rule, per-destination SMTP/TLS policy lookup results
        > override main.cf (and master.cf) settings.
        >
        > You enable smtp_tls_policy_maps lookups by specifying a non-empty
        > value (there appears to be no other way to turn this off).
        >
        > Wietse
        >

        Hi Wietse, i set

        smtp_tls_security_level = may

        and

        smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

        with

        /etc/postfix/tls_policy

        example.com encrypt

        so it should goal

        encrypt ,if possible ,with fallback to plain, for all destination

        but for example.com encrypt only ( no plain fallback )




        Best Regards
        MfG Robert Schetterer

        --
        [*] sys4 AG

        http://sys4.de, +49 (89) 30 90 46 64
        Franziskanerstraße 15, 81669 München

        Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
        Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
        Aufsichtsratsvorsitzender: Joerg Heidrich
      • Wietse Venema
        ... That is what I mean with smtp_tls_policy_maps overrides main.cf (and master.cf) . Wietse
        Message 3 of 6 , Mar 15, 2013
          Robert Schetterer:
          > Am 15.03.2013 13:11, schrieb Wietse Venema:
          > > Robert Schetterer:
          > >> Hi,
          > >>
          > >> if i use
          > >>
          > >> smtp_tls_security_level = may
          > >>
          > >> is
          > >>
          > >> smtp_tls_policy_maps honored ?
          > >
          > > As a general rule, per-destination SMTP/TLS policy lookup results
          > > override main.cf (and master.cf) settings.
          > >
          > > You enable smtp_tls_policy_maps lookups by specifying a non-empty
          > > value (there appears to be no other way to turn this off).
          >
          > Hi Wietse, i set
          >
          > smtp_tls_security_level = may
          >
          > and
          >
          > smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
          >
          > with
          >
          > /etc/postfix/tls_policy
          >
          > example.com encrypt
          >
          > so it should goal
          >
          > encrypt ,if possible ,with fallback to plain, for all destination
          >
          > but for example.com encrypt only ( no plain fallback )

          That is what I mean with "smtp_tls_policy_maps overrides main.cf
          (and master.cf)".

          Wietse
        • Robert Schetterer
          ... so it works like it should , thx Wietse Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15,
          Message 4 of 6 , Mar 15, 2013
            Am 15.03.2013 15:06, schrieb Wietse Venema:
            > Robert Schetterer:
            >> Am 15.03.2013 13:11, schrieb Wietse Venema:
            >>> Robert Schetterer:
            >>>> Hi,
            >>>>
            >>>> if i use
            >>>>
            >>>> smtp_tls_security_level = may
            >>>>
            >>>> is
            >>>>
            >>>> smtp_tls_policy_maps honored ?
            >>>
            >>> As a general rule, per-destination SMTP/TLS policy lookup results
            >>> override main.cf (and master.cf) settings.
            >>>
            >>> You enable smtp_tls_policy_maps lookups by specifying a non-empty
            >>> value (there appears to be no other way to turn this off).
            >>
            >> Hi Wietse, i set
            >>
            >> smtp_tls_security_level = may
            >>
            >> and
            >>
            >> smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
            >>
            >> with
            >>
            >> /etc/postfix/tls_policy
            >>
            >> example.com encrypt
            >>
            >> so it should goal
            >>
            >> encrypt ,if possible ,with fallback to plain, for all destination
            >>
            >> but for example.com encrypt only ( no plain fallback )
            >
            > That is what I mean with "smtp_tls_policy_maps overrides main.cf
            > (and master.cf)".
            >
            > Wietse
            >

            so it works like it should , thx Wietse


            Best Regards
            MfG Robert Schetterer

            --
            [*] sys4 AG

            http://sys4.de, +49 (89) 30 90 46 64
            Franziskanerstraße 15, 81669 München

            Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
            Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
            Aufsichtsratsvorsitzender: Joerg Heidrich
          Your message has been successfully submitted and would be delivered to recipients shortly.