I'm setting up mandatory TLS policy for a couple of private client servers, using

    smtpd_tls_security_level = may + smtpd_tls_security_level = encrypt

I started wondering whether it wouldn't be a bad thing to require ALL email delivered to my server, from anywhere, to use TLS.

Reading at http://www.postfix.org/TLS_README.html it warns against doing this:

    You can ENFORCE the use of TLS, so that the Postfix SMTP server announces STARTTLS and accepts no mail without TLS encryption, by setting "smtpd_tls_security_level = encrypt". According to RFC 2487 this MUST NOT be applied in case of a publicly-referenced Postfix SMTP server. This option is off by default and should only seldom be used.

That RFC, though, is from January 1999 (http://tools.ietf.org/html/rfc2487) and afaict has been superseded by http://tools.ietf.org/html/rfc3207 from February 2002, which also says "A publicly-referenced SMTP server MUST NOT require use of the STARTTLS extension in order to deliver mail locally."

It's 14 years later, and a lot's changed in SSL usage. Are there any later relevant RFCs that change this advice against forced TLS? Regardless of RFC, in today's "SSL everywhere" atmosphere, is this still good, practical advice?

I've turned on smtpd_tls_loglevel=1, and will watch for a while on my own servers. What do you 'real world' Postfix admins see/do these days?

Jason
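As an added example (not part of Jason's post), here is a small Python script for the "watch for a while" step: it walks the lines smtpd writes at smtpd_tls_loglevel = 1 and tallies how many inbound sessions negotiated STARTTLS, which clients never did, and which protocol versions were seen. The log lines are constructed samples in Postfix's connect / TLS connection established / disconnect format; the host names and addresses are made up.

```python
import re
from collections import Counter

# Constructed sample log, in the format Postfix smtpd writes at smtpd_tls_loglevel = 1.
SAMPLE_LOG = """\
Jun  3 10:01:02 mx postfix/smtpd[2101]: connect from mail.example.net[192.0.2.10]
Jun  3 10:01:02 mx postfix/smtpd[2101]: Anonymous TLS connection established from mail.example.net[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jun  3 10:01:03 mx postfix/smtpd[2101]: disconnect from mail.example.net[192.0.2.10]
Jun  3 10:02:15 mx postfix/smtpd[2102]: connect from legacy.example.org[198.51.100.7]
Jun  3 10:02:16 mx postfix/smtpd[2102]: disconnect from legacy.example.org[198.51.100.7]
Jun  3 10:03:40 mx postfix/smtpd[2101]: connect from mail.example.net[192.0.2.10]
Jun  3 10:03:40 mx postfix/smtpd[2101]: Trusted TLS connection established from mail.example.net[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jun  3 10:03:41 mx postfix/smtpd[2101]: disconnect from mail.example.net[192.0.2.10]
"""

CONNECT = re.compile(r"postfix/smtpd\[(\d+)\]: connect from (\S+)")
TLS_UP = re.compile(r"postfix/smtpd\[(\d+)\]: (?:Anonymous|Untrusted|Trusted|Verified) TLS "
                    r"connection established from (\S+): (\S+) with cipher (\S+)")
DISCONNECT = re.compile(r"postfix/smtpd\[(\d+)\]: disconnect from (\S+)")


def summarize(lines):
    """Count inbound smtpd sessions, how many negotiated STARTTLS, which clients
    never did, and which protocol versions were seen."""
    open_sessions = {}  # smtpd pid -> [client, protocol or None]
    stats = {"sessions": 0, "tls_sessions": 0,
             "plaintext_clients": Counter(), "protocols": Counter()}
    def close(pid):  # a session ends: record whether it ever reached TLS
        client, proto = open_sessions.pop(pid)
        stats["sessions"] += 1
        if proto:
            stats["tls_sessions"] += 1
            stats["protocols"][proto] += 1
        else:
            stats["plaintext_clients"][client] += 1
    for line in lines:
        if m := CONNECT.search(line):
            pid, client = m.groups()
            if pid in open_sessions:  # missed disconnect line: close the old one
                close(pid)
            open_sessions[pid] = [client, None]
        elif m := TLS_UP.search(line):
            pid, _client, proto, _cipher = m.groups()
            if pid in open_sessions:
                open_sessions[pid][1] = proto
        elif (m := DISCONNECT.search(line)) and m.group(1) in open_sessions:
            close(m.group(1))
    for pid in list(open_sessions):  # sessions still open when the log ends
        close(pid)
    return stats
```

Run it over a few weeks of real mail.log before switching to "encrypt": every entry in plaintext_clients is a sender that would start bouncing.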