Viktor Dukhovni:
> On Fri, Feb 22, 2013 at 08:48:31AM -0500, Wietse Venema wrote:
>
> > > We are trying to establish enforced TLS with a partner that hosts about
> > > 2000 recipient domains. All of these point to the same four MX records:
> > >
> > > host[1-4].example.com
> > >
> > > As I did not want to specify all of these domains in our tls_policy
> > > file, I wanted to ask if there is any option to enforce TLS by those MX
> > > addresses.
> >
> > Surely, the policy table is indexed by MX hostname as well as
> > recipient domain.
>
> No, it is not. Only the nexthop domain is used since the MX host
I see. This was a property of the legacy tls-per-site table.
Wietse
