Opportunistic DANE / TLS per host

Michael Grimm trashcan at odo.in-berlin.de
Mon Feb 9 15:06:32 CET 2015

On 09.02.2015, at 14:19, Michael Ströder <michael at stroeder.com> wrote:
> Michael Grimm wrote:

>> What I actually meant is: explicitly allow delivery for "broken" hosts on
>> purpose, no automatic fallback.
> This let's you easily specify any TLS policy per recipient site:
> http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps

Sigh. A default smtp_tls_security_level = dane and exceptions per host in smtp_tls_policy_maps are surely more elegant than my approach using a different transport [1]

Thanks and regards,

[1] which I somehow misunderstood in http://www.postfix.org/TLS_README.html#client_tls_dane

More information about the dane-users mailing list