To illustrate, consider the MX example given earlier. If the access database contains
the following entry:
TLS_Rcpt:hostA.domain ENCR:128
encryption is required for any recipient at hostA.domain, even if delivery is redirected
with an MX record to another site, such as mail.someother.domain.
In addition to the righthand-side values described earlier, the tls_rcpt rule set allows
four righthand-side suffixes. Each starts with a plus sign, and when two or more are
listed, each is separated from the others with two plus signs:
TLS_Rcpt:hostA.domain ENCR:128+CN:smtp.hostA.domain++CI:hostB.domain
This is the Title of the Book, eMatter Edition
Copyright ?© 2007 O??™Reilly & Associates, Inc. All rights reserved.
5.3 STARTTLS | 217
The suffixes allow further checks to be applied to the connection in addition to those
required by the existing righthand-side value. The suffixes and their meanings are:
CN:name
The name specified. It must match the value in the ${cn_subject} macro
(?§21.9.27 on page 816).
CN
The value in the ${cn_subject} macro (?§21.9.27 on page 816). It must matchth e
value in the ${server_name} macro (?§21.9.90 on page 845).
CS:name
The name specified. It must match the value in the ${cert_subject} macro
(?§21.9.15 on page 809).
CI:name
The name specified. It must match the value in the ${cert_issuer} macro
(?§21.
Pages:
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412