Hi!
I would like to use smtpd_tls_auth_only=yes at least for submission
port, but we have rare customers who have old scannners which don't
support SSL/TLS(as they say).
We also have probably strict HELO:
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_non_fqdn_helo_hostname
reject_invalid_helo_hostname
and also that old scanners don't qualify for correct hello, so we cannot
say to them "use 25 port, which can be used without TLS".
So I'm thinking about best compromise in this situation... Ideas?
--
KSB
