Opportunistic DANE / TLS per host
Michael Grimm
trashcan at odo.in-berlin.de
Mon Feb 9 15:06:32 CET 2015
On 09.02.2015, at 14:19, Michael Ströder <michael at stroeder.com> wrote:
> Michael Grimm wrote:
>> What I actually meant is: explicitly allow delivery for "broken" hosts on
>> purpose, no automatic fallback.
>
> This lets you easily specify any TLS policy per recipient site:
> http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps
Sigh. A default smtp_tls_security_level = dane and exceptions per host in smtp_tls_policy_maps are surely more elegant than my approach using a different transport [1].
Thanks and regards,
Michael
[1] which I somehow misunderstood in http://www.postfix.org/TLS_README.html#client_tls_dane
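
The setup discussed in this thread, sketched as an added example that is not part of the original message: DANE as the default for all destinations, with exceptions listed by hand for individual recipient sites. The table path /etc/postfix/tls_policy and the two example domains are assumptions made up for illustration.

```conf
# /etc/postfix/main.cf
# DANE needs DNSSEC-validated lookups from a validating resolver.
smtp_dns_support_level = dnssec
# Default for every destination: use DANE where usable TLSA records
# are published, otherwise fall back to opportunistic TLS.
smtp_tls_security_level = dane
# Per-destination overrides, keyed by next-hop domain.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# /etc/postfix/tls_policy
# Rebuild the lookup table after every edit:
#   postmap /etc/postfix/tls_policy
#
# Constructed entries. Each line is a deliberate exception for one
# site; nothing is downgraded automatically.
#
# Site whose TLSA records do not match: still require TLS, but do
# not authenticate the server certificate.
broken-tlsa.example     encrypt
# Site whose TLS is unusable: opportunistic TLS, cleartext allowed.
broken-tls.example      may
```

Each entry removes DANE authentication for that destination only, so the table doubles as the list of sites to re-check and delete once their records are repaired.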