I have a very similar issue, although my goal is not to negotiate TLS with specific domains. I have:
main.cf smtp_tls_security_level = may smtp_tls_policy_maps = hash:/etc/postfix/tls_policy /etc/postfix/tls_policy example.com none .example.com none >From the documentation I read, I thought postfix would not try negotiating TLS with the example.com mail server, but it does. (I posted this question Mar. 5, but received no response). Best regards, J.L. Hill Am 15.03.2013 13:11, schrieb Wietse Venema: > Robert Schetterer: >> Hi, >> >> if i use >> >> smtp_tls_security_level = may >> >> is >> >> smtp_tls_policy_maps honored ? > > As a general rule, per-destination SMTP/TLS policy lookup results > override main.cf (and master.cf) settings. > > You enable smtp_tls_policy_maps lookups by specifying a non-empty > value (there appears to be no other way to turn this off). > > Wietse > Hi Wietse, i set smtp_tls_security_level = may and smtp_tls_policy_maps = hash:/etc/postfix/tls_policy with /etc/postfix/tls_policy example.com encrypt so it should goal encrypt ,if possible ,with fallback to plain, for all destination but for example.com encrypt only ( no plain fallback ) Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra
