Hello, I'm wondering about the usefulness of smtp(d)_tls_CAfile(path) when using opportunistic encryption in both incoming and outgoing connections. The TLS_README suggests that certificate and key files be left empty for opportunistic smtp processes, but it doesn't talk specifically about smtp_tls_CAfile(path).
Am I correct to infer that both smtp(d)_tls_CAfile settings only serve a purpose when you want to verify client/server certificates? If that's the case, why does the example at the bottom of TLS_README use both the CAfile settings with only opportunistic encryption? Our system seems to work without any CAfile/CApath settings under opportunistic encryption both incoming and outgoing. Is there a performance or security difference between using them or not? Sorry in advance if my shaky grasp of TLS is the problem here. Thank you!
