On Thu, Feb 28, 2013 at 12:25:53AM +0100, Jan P. Kessler wrote: > Am 22.02.2013 17:06, schrieb Viktor Dukhovni: > > > > Surely, the policy table is indexed by MX hostname as well as > > > recipient domain. > > > > No, it is not. Only the nexthop domain is used since the MX host > > is derived from unauthenicated MX lookups and is trivially subject > > to MITM attacks. > > So it would have the same "quality" as the "encrypt" action, no?
Yes.
--
Viktor.
