> STARTTLS should be the first command the client issues, long before > DATA, but you seem confused as to who is connecting to spamd. Your > clients should never be talking to spamd to submit mail. >
Sorry, I maybe confused about the term for MTAs using ssl to deliver mail to me. I just feel wrong using tls for delivering mail to other servers or atleast a hop, without letting them do the same. Obviously the benefits of spamd outweigh the tls. I was wondering about something like relayd, nginx or stunnell in front of spamd but I think that I would either break allowing plain connections or would have to provide a way of bypassing relayd using submission and smtp ports, which I won't do. KeV