Re: disabling tls?

Wietse Venema Sat, 04 Jan 2014 17:18:24 -0800

Miles Fidelman:
> A (hopefully) quick question: How does one disable TLS for a single 
> destination?  (Yahoo has been exhibiting some funny problems with 
> in-bound mail, and at least one person found that disabling TLS for 
> yahoo servers was a work-around for them.)


Untested examples follow...

Approach 1: suppress STARTTLS by IP address
===========================================

/etc/postfix/main.cf: 
    smtp_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/discard_ehlo

/etc/postfix/discard_ehlo:
    1.2.3.0/24 starttls

http://www.postfix.org/postconf.5.html#smtp_discard_ehlo_keyword_address_maps
http://www.postfix.org/postconf.5.html#smtp_discard_ehlo_keywords

Approach 2: suppress STARTTLS by domain name
============================================

/etc/postfix/main.cf:
    transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport:
    yahoo.com   smtp-no-tls

/etc/postfix/master.cf:
    smtp-no-tls     unix  -       -       n       -       -       smtp
        -o smtp_discard_ehlo_keywords=starttls

http://www.postfix.org/transport.5.html
http://www.postfix.org/postconf.5.html#smtp_discard_ehlo_keywords

        Wietse

Re: disabling tls?

Reply via email to