> On Dec 6, 2017, at 1:41 PM, micah <mi...@riseup.net> wrote:
>
>>> main.cf
>>> smtpd_tls_security_level = may
>
> Is there a reason why 'smtpd_tls_security_level = may' is not default in
> postfix? What needs to be done to make it default? It seems harmless to
> have that enabled by default, with no negative effects that I can decern
> and improves the overall opportunistic landscape if it were
> default.
Someone has to decide what sort of certificate is appropriate for the
domain. That decision requires some administrator oversight. Therefore,
it is something that a package installer can prompt for. And some OS
distributions of Postfix do in fact enable inbound TLS IIRC.
On the Postfix side of things we make generating a self-signed certificate
easy via:
# postfix tls enable-server
http://www.postfix.org/postfix-tls.1.html
--
--
Viktor.
