On Wed, Mar 29, 2017 at 06:44:54AM -0700, Den1 wrote:
> Well, Viktor was talking about those:
>
> smtp_tls_security_level = encrypt -or- secure
> smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
>
> and my question was about those as well. You may read it once again since
> you have this one set:
You use mandatory TLS when all your mail is sent to a small set of
relay hosts that are known to support TLS. If these have usable
certificates you can verify, you should consider using "secure" to
guard against active attacks, otherwise use "encrypt".
--
Viktor.
