On Sunday, May 06, 2007 at 09:16, Andreas Metzler wrote:

> You'd be happy with something like this?
[..]
> ++Listing a host in tls_verify_hosts does not directly require the host
> ++to actually use TLS. It can still send SMTP commands through
> ++unencrypted connections. Enforcing TLS for a host needs to be done
> ++separately using ACLs.
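
Review bot: The last sentence of the added paragraph says enforcement "needs to be done separately using ACLs" but does not tell the reader which ACL or which test to use. Consider pointing to a concrete rule, for example a deny in the MAIL ACL restricted to the same host list that checks whether the connection is encrypted, as in the sample configuration in this message. In the first sentence, "does not directly require" would read more clearly as "does not by itself require".
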
Thanks for the quick response, this looks all good to me!

> ######################################
> hostlist youmustusedverifiedtls = blah.example.com : foo.example.com
>
> tls_verify_hosts = +youmustusedverifiedtls
> [...]
>
> begin acl
> acl_check_mail:
>   deny
>     message = No TLS encryption used
>     hosts = +youmustusedverifiedtls
>     condition = ${if eq{$tls_cipher}{}{yes}{no}}
> ######################################

I guess you could replace the condition line with

    ! encrypted = *

(This is what I do.)

Regards,
Oskar