On Mon, Sep 09, 2024 at 00:17:08 +1000, Viktor Dukhovni via Postfix-users wrote:
> And of course, I'd negligent to not mention that I don't recommend a hard
> requirement of TLS on port 25, you may one day reject some important mail
> and not even know it, and if STARTTLS stops working, you may be rejecting
> all mail until it is fixed.
I'm running with "warn_if_reject reject_plaintext_session" as the very last
smtpd_data_restrictions to get one-line logging of (otherwise successful)
unencrypted mail. It's indeed 99% junk, but still some important enough
legit plaintext e-mail every now and then.
I ended up putting "reject_plaintext_session" in recipient_access for some
less important forwarder domains where it doesn't do real harm, but blocks
a lot of spam that I don't need to filter anymore.
Geert
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
