On Tue, Aug 04, 2015 at 05:04:20PM -0500, Brad Chandler wrote: > I would like to enforce smtp tls for a domain and all of it's subdomains > except one. For example my tls_policy file would look something like this: > > .example.com encrypt > test.example.com may > > Will this work?
Mostly. However, note that as written "foo.test.example.com" will be subject to the "encrypt" policy and "example.com" will not. Perhaps you want: example.com encrypt .example.com encrypt test.example.com may .test.example.com may > Is there a particular order the records should be in? No, Postfix database files built via postmap(1) are indexed. Order requirements depend on the database type, not content semantics. pcre, regexp, cidr, ... are order dependent hash, btree, cdb, ... are not -- Viktor.