Hi Robert,
thanks. already saw that but i dont want to bother remote sites with a
'full verify'. still like the policy server approach. should be no big
thing for a coder - familiar with perl.
Am Samstag, 22. Dezember 2018 schrieb Robert Schetterer :
> Am 22.12.18 um 07:55 schrieb Stefan Bauer:
>
Am 22.12.18 um 07:55 schrieb Stefan Bauer:
nights later, a better approach seems to have a policy service that does
the tls pre-checking.
long time ago i wrote this
https://blog.sys4.de/recipient-verification-tls-mandatory-modus-en.html
perhaps it helps
Something like this already around?
nights later, a better approach seems to have a policy service that does
the tls pre-checking.
Something like this already around? ( i'm no coder but want to sponsor that
if someone can do it) pm please
Am Donnerstag, 20. Dezember 2018 schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
>> On
thats a nice approach! thank you. will test.
Am Donnerstag, 20. Dezember 2018 schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
>> On Dec 20, 2018, at 1:25 PM, Stefan Bauer
wrote:
>>
>> I'm aware of such exceptions but I don't like to set them. Our policy
is safe or not at all via mail.
>
>
> On Dec 20, 2018, at 1:25 PM, Stefan Bauer wrote:
>
> I'm aware of such exceptions but I don't like to set them. Our policy is
> safe or not at all via mail.
That policy has a cost. You don't like the cost, but there it is...
> I would like to have a setting like do not try next mx,
> if fi
I'm aware of this exeptions but i dont like to set them. our policy is safe
or not at all via mail.
i would like to have a setting like do not try next mx, if first mx lacks
tls support. it assumes that if tls is not avail on primary it will for
sure also not be avail on second and third.
Am Donn
> On Dec 20, 2018, at 12:42 PM, Stefan Bauer wrote:
>
> I use smtp_tls_security_level = encrypt
The cost of that choice is that you must also have:
main.cf:
indexed = ${default_database_type}:${config_directory}/
smtp_tls_policy_maps = ${indexed}tls-policy
and be prepared to watch yo
On 12/20/2018 11:42 AM, Stefan Bauer wrote:
> Hi,
>
> i use smtp_tls_security_level = encrypt - if remote site have mx like
>
> mx 10 mail1 without tls
> mx 100 mail2 fake-mx with no open port
>
> postfix detects lack of tls on mx10goes to mx100 and waits
> maximal_queue_lifetime.
>
> i don't l
