Hello,
I am starting to setup a Postfix server for our office.
I'm looking at TLS policy.
Reading old posts on the Postfix mailing lists there's lots of comments that
REQUIRING tls should never be done on an public internet-facing server.
But those comments are from 5-7 yrs ago.
Is that still the case?
On a friend's server we just checked 3 months of logs. IIUC there's been no
non-TLS connections at all in that time:
grep -i "connection established" postfix*.log | wc -l
125217
grep -i "connection established" postfix*.log | grep -v TLS | wc -l
0
And that's with what I understand to be a 'may' policy.
First, is that a legitimate way to check?
Second, if there are actually no non-encrypted connections, is it time finally
to simply require it?
Rob
