On Sat, Feb 20, 2016 at 08:32:31AM -0500, Wietse Venema wrote:

> > Creating a separate hash file with following content like below solved my
> > issue but doing the same for all domain will not be acceptable solution ...
> 
> If you want to encrypt mail to all domains:
> 
> /etc/postfix/main.cf
>    smtp_tls_security_level = encrypt
> 
> But I would not recommend this.

If the OP just wants to use TLS with domains that offer STARTTLS,
then:

    smtp_tls_security_level = may

may be most appropriate.  This does not prevent cleartext fallback
in case of trouble, but there are enough domains that advertise
non-working STARTTLS to make cleartext fallback the sensible choice
at present.  Opportunistic TLS is a counter-measure to passive
monitoring, not active attacks.

-- 
        Viktor.

Reply via email to