On Wed, 22 Apr 2026 12:04:36 +0200 Geert Hendrickx <[email protected]> wrote:
> You can achieve roughly the same but without the additional layer, by > requiring TLS client certificates for SMTP submission and IMAP (and for > SSH, disable password authentication and accept only SSH keys). Thanks for the suggestion. I did look into mutual TLS authentication, but since the WireGuard handshake remains largely stateless for unauthenticated clients, it should help avoid TCP connection probing and the TLS handshake overhead from unwanted clients. I suppose I can always fall back on TLS client certificates if I later discover issues with WireGuard. _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
