Micah Anderson:
>
> From my understanding of the way postfix currently operates, there is no
> smtpd/smtp TLS setting that can be set that would provide a
> configuration that would result in a more 'hardened' configuration,
> without causing interoperability problems. If I am wrong, I'm very
> interested in knowing where.

You can certainly narrow things on the Postfix SMTP client side, and set up hardened TLS profiles for sites that you care about with mandatory parameters that don't permit downgrade attacks.

On the SMTP server side things are not that simple. Why do you care that some random stranger encrypts their mail that you might not even want? Let the client worry about that.

Wietse
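
An added example, not part of the original post: one way to express the client-side approach described in the reply, keeping opportunistic TLS as the default and making TLS mandatory for selected destinations through a policy table. The destination names are constructed, and the file paths are assumptions that vary by installation.

```conf
# /etc/postfix/main.cf (SMTP client side only)

# Default for all other destinations: opportunistic TLS. Interoperable,
# but if the STARTTLS offer is stripped, mail goes out in plaintext.
smtp_tls_security_level = may

# Per-destination overrides for the sites you care about.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Applied wherever TLS is mandatory (levels "encrypt" and above).
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_ciphers = high

# Trust anchors used by the "secure" level.
# Assumption: this path is distribution-specific.
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt


# /etc/postfix/tls_policy
# Run "postmap /etc/postfix/tls_policy" after editing.
# Destinations below are constructed placeholders.

# TLS required and the certificate must match the next-hop domain.
# On failure the mail is deferred, not sent in the clear.
partner.example.com     secure match=nexthop:dot-nexthop

# TLS required, certificate not verified: no plaintext fallback,
# but no protection against an active man-in-the-middle.
legacy.example.net      encrypt
```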