Stefan Bauer:
> I like the option smtp_tls_note_starttls_offer = yes
> but when a host is logged, it's hard to keep track to which recipient
> domain that host belongs without doing DNS lookups against all listed in
> smtp_tls_policy_maps.
>
> Can this be improved to maybe also list the appropriate recipient domain?
This information is logged when the TLS level is set to NONE. Why not set the default TLS level to 'may' (perhaps with appropriate default ciphers/protocols/etc) and automatically discover what recipients can really be delivered over TLS? The existence of a STARTTLS announcement does not mean that you will actually be able to interoperate with the server.

Wietse
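Added example, not part of the thread or of Postfix: a small Python log correlator that joins the "Host offered STARTTLS" lines and the "TLS connection established" lines to recipient domains through the relay= field of delivery records, so neither view needs DNS lookups. The log lines are constructed samples, the function name is hypothetical, and the "TLS connection established" lines assume smtp_tls_loglevel = 1.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix's syslog style (not taken from the thread).
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/smtp[2101]: Host offered STARTTLS: [mail.example.org]
Jan 10 10:00:02 mx postfix/smtp[2101]: 4F1A2B3C01: to=<alice@example.org>, relay=mail.example.org[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jan 10 10:00:05 mx postfix/smtp[2102]: 5A6B7C8D02: to=<bob@example.net>, relay=mx1.example.net[198.51.100.7]:25, delay=0.9, dsn=2.0.0, status=sent (250 ok)
Jan 10 10:00:07 mx postfix/smtp[2103]: Untrusted TLS connection established to shared-mx.example.com[203.0.113.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 10:00:08 mx postfix/smtp[2103]: 6C7D8E9F03: to=<carol@example.edu>, orig_to=<c@example.edu>, relay=shared-mx.example.com[203.0.113.5]:25, delay=2.0, dsn=2.0.0, status=sent (250 ok)
Jan 10 10:00:09 mx postfix/smtp[2104]: 7D8E9F0A04: to=<dave@example.info>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.example.info[203.0.113.9]:25: Connection timed out)
"""

# Logged by smtp_tls_note_starttls_offer when TLS is not enabled for the server.
OFFER_RE = re.compile(r"postfix/smtp\[\d+\]: Host offered STARTTLS: \[([^\]]+)\]")
# Logged after a completed handshake (Anonymous/Untrusted/Trusted/Verified).
TLS_RE = re.compile(
    r"postfix/smtp\[\d+\]: \w+ TLS connection established to ([^\[\s]+)\[")
# Delivery record: recipient domain plus the relay host that handled it.
# "relay=none" (no connection made) has no "[addr]" part and is skipped.
DELIVERY_RE = re.compile(
    r"postfix/smtp\[\d+\]: [0-9A-Za-z]+: to=<[^>]*@([^>]+)>.*?\brelay=([^\[,\s]+)\[")


def tls_view_by_domain(log_text):
    """Map each recipient domain to the relays that offered STARTTLS
    and the relays with which a TLS session was actually established."""
    offered, established = set(), set()
    relays_by_domain = defaultdict(set)
    for line in log_text.splitlines():
        if (m := OFFER_RE.search(line)):
            offered.add(m.group(1).lower())
        elif (m := TLS_RE.search(line)):
            established.add(m.group(1).lower())
        elif (m := DELIVERY_RE.search(line)):
            relays_by_domain[m.group(1).lower()].add(m.group(2).lower())
    return {
        domain: {"offered": sorted(relays & offered),
                 "established": sorted(relays & established)}
        for domain, relays in sorted(relays_by_domain.items())
    }


if __name__ == "__main__":
    for domain, view in tls_view_by_domain(SAMPLE_LOG).items():
        print(domain, view)
```

A domain listed only under "offered" has announced STARTTLS but has not been shown to interoperate; only "established" reflects a completed handshake.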