I'm considering whether I should enable opportunistic TLS on our SMTP gateways. Our gateways are known by several DNS names, so I think it will be difficult to use certificates signed by a "reputable" CA.
It seems safe enough to enable smtp_tls_security_level=may, but how do other mail servers behave if we enable smtpd_tls_security_level=may and offer self-signed certs with a possibly wrong name compared to what the MX records are pointing to?

-jf