Benny Pedersen wrote:
What do others do if the remote has a self-signed SSL key, accept it?
Yes, accept it. Opportunistic TLS does not imply more trust than a non-encrypted connection; you're willing to make a non-encrypted connection to that client. TLS in this case indicates encryption, but not authentication.
The usual reason for a purchased certificate on a mail server is so users don't get an error when submitting mail without you providing them the certificate or telling them to ignore the certificate error message.
-- Noel Jones
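
The distinction drawn in the reply above, shown as an added Python example (not part of the original message, and not taken from any particular mail server): a server-to-server client context that encrypts without authenticating, beside a submission-style context that verifies the certificate. The function names and the `deliver` helper are hypothetical; only the standard `ssl` and `smtplib` modules are used.

```python
import smtplib
import ssl
from typing import Optional


def opportunistic_context() -> ssl.SSLContext:
    """Server-to-server delivery: encrypt when offered, accept any
    certificate, self-signed included."""
    ctx = ssl.create_default_context()
    # Order matters: check_hostname must be cleared first, otherwise
    # setting CERT_NONE raises ValueError.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def submission_context() -> ssl.SSLContext:
    """User mail submission: chain and hostname are verified, so a
    self-signed certificate fails unless the client was given it to trust."""
    return ssl.create_default_context()


def verifies_peer(ctx: ssl.SSLContext) -> bool:
    """True only when the context authenticates the remote end."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def trust_label(tls_active: bool, ctx: Optional[ssl.SSLContext]) -> str:
    """Describe what a session actually guarantees."""
    if not tls_active or ctx is None:
        return "plaintext"
    if verifies_peer(ctx):
        return "encrypted, authenticated"
    return "encrypted, unauthenticated"


def deliver(host: str, sender: str, rcpt: str, message: str, port: int = 25) -> str:
    """Opportunistic delivery: use STARTTLS if the remote advertises it,
    otherwise send in the clear, exactly as without TLS support."""
    ctx = opportunistic_context()
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        tls = smtp.has_extn("starttls")
        if tls:
            smtp.starttls(context=ctx)  # self-signed certificate is accepted
            smtp.ehlo()                 # re-identify over the encrypted channel
        smtp.sendmail(sender, [rcpt], message)
    return trust_label(tls, ctx)
```

A log line built from `trust_label` makes it visible that an opportunistic session is never recorded as authenticated, whatever certificate the remote presented.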