On 11/06/2012 12:25 AM, Roman Gelfand wrote:
> Is it a problem if I enforce tls from master.cf?
Rather the reverse: if you enforce TLS for all mail, you won't get any.
Add
    -o smtpd_tls_security_level=encrypt
(mandatory whitespace before -o, and no spaces around =)
to your submission service in master.cf; you may set the global level to
"may", since there are increasing numbers of MTAs that support TLS.
They won't support (your) AUTH, however, so make sure to *dis*able that
option globally /if you enable TLS globally./
In short: where smtpd_tls_security_level=encrypt, you also want
smtpd_tls_auth_only; where smtpd_tls_security_level=may, you probably don't.
Confused yet?
--
J.
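
The two master.cf syntax rules from the reply (whitespace before -o, no spaces around =) and the encrypt/smtpd_tls_auth_only pairing can be checked mechanically. The linter below is an added example, not part of the original message or of Postfix; lint_master_cf and SAMPLE are hypothetical names, the sample file is constructed, and it assumes smtpd_tls_auth_only is "no" unless set.

```python
import re

# -o name=value; groups 2 and 3 capture any stray spaces around '='.
OPT = re.compile(r"-o\s+(\w+)(\s*)=(\s*)(\S*)")

# Constructed sample master.cf: the last -o line lost its leading whitespace.
SAMPLE = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
-o smtpd_tls_auth_only=yes
"""

def lint_master_cf(text, main_cf=None):
    """Return sorted (line_number, message) findings for a master.cf text."""
    findings, svc = [], None          # svc: the service entry being read

    def finish(s):
        # Effective value = main.cf setting overridden by the service's -o options.
        eff = {**(main_cf or {}), **s["opts"]}
        if (s["cmd"] == "smtpd"
                and eff.get("smtpd_tls_security_level") == "encrypt"
                and eff.get("smtpd_tls_auth_only", "no") != "yes"):
            findings.append((s["line"], f"{s['name']}: encrypt without smtpd_tls_auth_only=yes"))

    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():     # column 0 starts a new entry
            if svc:
                finish(svc)
            f = line.split()
            if f[0] == "-o":
                findings.append((no, "-o at column 0: not a continuation line"))
                svc = None
                continue
            svc = {"name": f[0], "line": no, "opts": {},
                   "cmd": f[7] if len(f) > 7 else ""}
        if svc is None:
            continue
        for m in OPT.finditer(line):
            name, pre, post, value = m.groups()
            if pre or post:
                findings.append((no, f"spaces around '=' in -o {name}"))
            else:
                svc["opts"][name] = value
    if svc:
        finish(svc)
    return sorted(findings)
```

Pass the relevant main.cf settings as a dict in main_cf so that a global smtpd_tls_auth_only=yes is taken into account.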