On Sun, Sep 08, 2024 at 19:39:43 +0200, hostmaster--- via Postfix-users wrote:
> Interesting approach if i correctly understood what you do: You are running
> STARTTLS, basically accepting unencrypted connections but with
> "warn_if_reject reject_plaintext_session" you are rejecting unencrypted
> sessions once data transfer is about to start? Which is expected to generate
> the same outcome as "smtpd_tls_security_level = encrypt" with the benefit of
> getting this extra log line for more convenient monitoring?
Almost; but the prefix "warn_if_reject" logs a warning instead of actually
rejecting.
If reject_plaintext_session is used directly (like I do in recipient_access
for some domains/recipients), you indeed get the benefit of logging extra
context (mail from/rcpt to) instead of rejecting those sessions right away.
Geert
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
