On Fri, Feb 28, 2025 at 10:31:03AM +0100, Jaroslaw Rafa via Postfix-users wrote:
> Dnia 27.02.2025 o godz. 18:50:08 Wietse Venema via Postfix-users pisze:
> >
> > There is no 'automatic' wrappermode at this time.
> [...]
> > For now, use port 587 and enforce a TLS security level that can
> > match the server certificate.
>
> The OP can also wrap an unencrypted connection into stunnel, that should
> work.
Mandatory STARTTLS is not unencrypted. Postfix-to-Postfix over port 587
is not less secure than over 465. Just an extra couple of network
round-trips that don't much matter in email. Think of it as a less than
optimal TCP handshake before TLS starts.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
