Wietse wrote: > When an SRV response for "_smtps._tcp.example.com" names the standard SMTP > port, the feature overrides a default TLS security level "may" with > "encrypt". This is on/off configurable and needs a few lines of code in the > SMTP client's MX host iterator to upgrade a default TLS security level from > "may" to "encrypt.
Given the fact that "encrypt" implies no "dane" this sounds like a bad idea for interoperability with dane sites. All in all, imho interoperability with RFC 7672 and RFC 8461 are not addressed sufficiently yet. Regards, Joachim _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
