> On Dec 6, 2017, at 2:27 PM, micah <mi...@riseup.net> wrote: > > I'm sorry, I meant 'smtp_tls_security_level = may' - not > smtpd_tls_security_level. > > You are correct that smtpd_tls_security_level would need a certificate, > but 'smtp_tls_security_level' does not, and as an opportunistic mode, it > is designed to fall back to cleartext, so I do not see any problem with > it being the default.
At least it is easy enough to turn on: http://www.postfix.org/postfix-tls.1.html # postfix tls all-default-client && postfix tls enable-client As for changing the default, I am not opposed, perhaps given the changes in the SMTP ecosystem since 2014: https://transparencyreport.google.com/safer-email/overview?encrypt_in=end:1512518400000;series:inbound;start:1388534400000&lu=encrypt_in&encrypt_out=end:1512518400000;series:outbound;start:1388534400000 a case can be made that Postfix 3.3 should do "may" out of the box. I am curious what other users and Wietse think of such a change... -- Viktor.
