Dear list,

I would be grateful for some input and confirmation about how smtp_tls_policy_maps works. The documentation is a bit obscure on the matter, and the results of my experimentation aren't perfectly clear to me.
I found that smtp_tls_policy_maps is not necessarily indexed by the "next-hop destination": in cases when there is no explicit next-hop defined in $transport_maps or $relayhost (and hence DNS would be asked for the MXs), the policy map is searched for the recipient's domain instead. This is probably done because DNS cannot generally be trusted, and the only information that can be trusted is the recipient domain. Can you confirm this?

I have not found a way to override this behaviour (i.e. if DNSSEC is being used). Do you know of one?

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
always remember you're unique, just like everyone else.
spamtraps: madduck.bo...@madduck.net