Dear Postfix folks,
There are several SMTP servers, where messages should only be sent over a secure channel. But, the postmasters have set up the servers differently. Some use CAs to sign their certificates and some DANE with self-signed certificates.
To avoid maintaining two TLS policies, one where for `smtp_tls_security_level` the value `secure` is specified, and another with `dane-only` [1], and keeping an eye out, when SMTP switch to or from DANE, is there a way to maintain one list? So if no DANE records are published, it falls back to secure certificate verification?
Like `dane` falls back to `may`? Kind regards, Paul [1] http://www.postfix.org/TLS_README.html#client_tls_policy