> On 19 Jun 2024, at 4:29 PM, Gilgongo via Postfix-users
> <postfix-users@postfix.org> wrote:
>
> > The defaults for those settings, as far as postfix is concerned, are as
> > follows:
> >
> > smtpd_tls_auth_only = no
>
> Why? Surely, "yes" is the better choice...
>
> You need to set this to "yes" if you plan to have accounts sending mail out
> through your mail server. Because that's potentially a security risk, Postfix
> doesn't set this to "yes" by default.
>
> As to smtpd_tls_security_level, you are right that (for port 25 smtp) it is
> better as "may", but the reason the default is none is that you will need to
> set up TLS certificate first, which isn't in the scope of what Postfix does.
> So that's why it sets none as the default.
It seemed to me at the time, per the thread subject, that your post was
recommending best-practice settings,
rather than showing Postfix default settings. If the latter, OK, but I don’t
need them explained, and not all
the explanations are correct.
—
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
