Hello list,
I gather from
http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps that the
match: directive really only has application to a policy of secure.
If I read right, it applies to the certificate validation.
I'm wondering if there is something similar that applies to MX hosts.
What I'm looking for:
When an MTA-STS policy has a mode of "testing" then certificate
validation should not be done because the RFC says to send it anyway
even if validation fails, so for those domains I want to use a policy of
'encrypt' instead of 'secure' but I also want the policy map to enforce
validation of the MX host policy.
Also, I want to do a similar thing with domains that I know have MX
servers with DANE support, but the zone with the MX record is NOT signed
with DNSSEC. I would like to set a 'dane-only' policy for them, but
since the MX record can't be trusted, put a list in the policy file that
the MX host MUST match against.
Is there something similar to the match directive that applies to the MX
hostname rather than the TLS certificate?
Thank you for your time.
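
The MX-host check described in the message above, sketched as a standalone Python example that is added here and is not part of the original post or of Postfix: it parses an MTA-STS policy body and tests candidate MX hostnames against its `mx` patterns, following the RFC 8461 rule that a wildcard covers only the leftmost label. The function names and the sample policy are constructed for illustration.

```python
# Added illustration: MX-host validation against an MTA-STS policy (RFC 8461).
# Function names and SAMPLE_POLICY are constructed for this example.

SAMPLE_POLICY = (
    "version: STSv1\r\n"
    "mode: testing\r\n"
    "mx: mail.example.com\r\n"
    "mx: *.mx.example.net\r\n"
    "max_age: 86400\r\n"
)

def parse_policy(text):
    """Parse a policy body into a dict; 'mx' collects every mx pattern."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # skip blank or malformed lines
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower().rstrip("."))
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("not an STSv1 policy")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("unknown policy mode")
    return policy

def mx_matches(host, pattern):
    """True if host matches one mx pattern; '*.' stands for exactly one label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return host == pattern

def filter_mx(policy, mx_hosts):
    """Split MX candidates from DNS into (allowed, rejected) per the policy."""
    allowed = [h for h in mx_hosts
               if any(mx_matches(h, p) for p in policy["mx"])]
    rejected = [h for h in mx_hosts if h not in allowed]
    return allowed, rejected

if __name__ == "__main__":
    pol = parse_policy(SAMPLE_POLICY)
    print(pol["mode"], filter_mx(pol, ["mail.example.com.", "mx.example.org"]))
```
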