[email protected] wrote: > > Am 25.10.2014 um 15:29 schrieb Michael Ströder: >> Can I define a special CA cert bundle in smtp_tls_policy_maps for a certain >> recipient domain? Which keyword(s) to use? >> >> For example I have a line like this in the map for recipient domain >> 'example.com': >> >> example.com verify protocols=TLSv1 ciphers=high >> >> Can I add to this line something like "CAfile=/path/to/private-CA.pem"? > > that's the way to go > http://www.postfix.org/TLS_README.html#client_tls_fprint
I already know this feature. But currently I don't want to implement cert pinning in this particular case. Maybe later. So once again: Quote from http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps "The lookup result is a security level, followed by an optional list of whitespace and/or comma separated name=value attributes that override related main.cf settings." Does that mean that I can add any main.cf setting into the line which starts with 'smtp_tls_'? So all 'smtp_tls_foo' can be used as 'foo='? Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
