* Actually, $#anything will have the same effect, but you should use $#OK only to remain compatible with
future releases of sendmail.
This is the Title of the Book, eMatter Edition
Copyright ?© 2007 O??™Reilly & Associates, Inc. All rights reserved.
218 | Chapter 5: Authentication and Encryption
The try_tls rule set allows you to exempt specific connecting hosts and domains
from STARTTLS support. This rule set simply looks up the connecting host??™s hostname
and address in the access database. Eachlookup is prefixed witha literal Try_
TLS:. If the lookup finds the host or address (if either is in the access database), the
use of STARTTLS is suppressed:
Try_TLS:broken.server NO ?†? a domain
Try_TLS:host.broken.server NO ?†? a host
Try_TLS:123.45.67.89 NO ?†? an IPv4 address
Try_TLS:IPv6:2002:c0a8:51d2::23f4 NO ?†? an IPv6 address
The righthand-side value for this lookup can be anything. All the try_tls rule set
cares about is whether the lookup succeeds.
If you wishto add your own rule to the try_tls rule set, you can do so withth e following
mc configuration command:
LOCAL_TRY_TLS
?†? additional rules for try_tls here
If your rules return a #error or #discard delivery agent, STARTTLS is suppressed. If
they return a $#OK,* STARTTLS is offered and subsequent try_tls rule set rules are
skipped (the access database lookups are not performed):
R $* $# OK skip subsequent try_tls rule set rules
But if they return a $@OK, STARTTLS might be offered.
Pages:
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414