On Sat, Jun 13, 2020 at 09:16:56PM +0200, Ján Máté wrote: > Now I understand ... is there any trick to ignore the > smtp_tls_policy_maps if valid TLSA entries from DNSSEC are returned?
No. The policy lookup happens first, and when it returns a policy other than DANE, we don't even look for TLSA RRs. Postfix would need a more expressive policy syntax for that. -- Viktor.