> On 06/21/2014 01:11 PM, Stefan Foerster wrote: > > our current situation is as follows: > > 1. Public MX, very low incoming volume, "smtpd_tls_security_level = may" > 2. Senders aren't known beforehand, i.e. no previous business relationship. > 3. Senders' IT usually doesn't support DANE. > 4. Incoming mail is considered highly(!) valuable to business. >
while not directly related to your question, I have an experience which touches this topic. Not long ago, I have decided I will require TLS on my private postfix server, so I have set: smtpd_tls_security_level = encrypt I expected that 99% of all servers supports TLS anyway (and I was willing to risk the 1%). How surprised was I when my server refused emails from Paypal, because Paypal does not (want to?) use TLS. I had to revert back to "may". Martin
