For a attacking SNI the following ACL snippet should work:
- # to be prepended to your mail acl (acl_smtp_mail)
+ # to be prepended to your mail acl (the ACL referenced
+ # by the acl_smtp_mail main config option)
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
+ deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
Fix
===