> Correction:
>
> "smtpd_use_tls = yes" turns on TLS when the remote SMTP client
> sends the STARTTLS command.
>
> This is the recommended configuration for MX hosts that also
> must be able to receive plaintext mail.

That makes sense since I did not explicitly set the smtpd_use_tls
setting, something in postfix apparently did it for me.  Many thanks
to you and the other postfix developers for automagically enabling
that setting...

However, my main point of confusion was surrounding the use of
"smtp_tls_security_level", where I believe the documentation says the
default for this setting is 'none'.   I am suggesting the default be
changed from 'none' to 'may' in order to enable opportunistic
encryption.  The docs say postfix will fall back to plaintext so why
not encourage the use of encryption wherever possible (and
automatically choose the better/more secure option similar to what you
do for smtpd_use_tls)?  I suppose setting the option to try encryption
first by default might result in some added overhead on very busy mail
servers, but I expect those server administrators are experts and
aware of the implications (and they would want to use encrypted relays
anyways, right?).

If you have good reasons for not changing the default to be more
secure, perhaps adding an additional hint to the documentation might
be the next best thing?  i.e. a FAQ entry stating that users relaying
through a host that supports STARTTLS may want/need to manually change
smtp_tls_security_level to "may" or "encrypt".

Matt
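
Added example, not part of the message above and not Postfix code: a small audit helper that reads main.cf text and reports whether the outbound SMTP client is configured for plaintext, opportunistic or mandatory TLS. The sample configuration and relay host name are constructed; treating an unset level with no legacy switches as plaintext is an assumption matching the default the message describes, and per-destination overrides in smtp_tls_policy_maps are not evaluated.

```python
# Outbound (smtp_*) level names, grouped by whether plaintext delivery remains possible.
OPPORTUNISTIC = {"may", "dane"}
MANDATORY = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Parse main.cf text into a dict; the last definition of a parameter wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank and comment lines are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def outbound_tls_mode(params):
    """Classify the SMTP client setting as plaintext, opportunistic or mandatory."""
    level = params.get("smtp_tls_security_level", "").lower()
    if level in OPPORTUNISTIC:
        return "opportunistic"
    if level in MANDATORY:
        return "mandatory"
    if level == "none":
        return "plaintext"
    if level:
        raise ValueError("unrecognised smtp_tls_security_level: " + level)
    # Level unset: the obsolete boolean switches decide (assumed default: no TLS).
    if params.get("smtp_enforce_tls", "").lower() == "yes":
        return "mandatory"
    if params.get("smtp_use_tls", "").lower() == "yes":
        return "opportunistic"
    return "plaintext"

# Constructed sample: server-side TLS is on, client-side level was never set.
SAMPLE_BEFORE = """\
# constructed sample main.cf
smtpd_use_tls = yes
relayhost = [relay.example.net]:587
"""
SAMPLE_AFTER = SAMPLE_BEFORE + "smtp_tls_security_level = may\n"

if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, outbound_tls_mode(parse_main_cf(cfg)))
```

The "before" sample shows the situation discussed in the thread: smtpd_use_tls only affects mail the host receives, so relayed mail still leaves in plaintext until the smtp_* client setting is changed.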
