Hello, I'm starting the process of moving my mail from a hosted service to my own. It'll include a Postfix server.
I got a test server running locally and 'sending & receiving' mail inside my lan. Now I'm doing my reading on security issues, authentication, and the like. I've got stacks of articles and notes. I'm looking for any advice from opinionated, experienced Postfix users. Couple of production questions: (1) For opensource authentication milters (DKIM, DMARC, ARC), that works with Postfix on Linux, there seem to be two main choices: https://github.com/fastmail/authentication_milter https://github.com/trusteddomainproject/ What do folks here recommend to use? (2) Is it time -- in the real-world -- to force STARTTLS yet? What's the current advice for MTA-STS vs MTA-DANE? Which should we implement? (3) The TLS 1.3 has been officially released. I guess there will be a release of OpenSSL 1.1.1 that has it coming pretty soon. What if anything should we be doing with Postfix and TLS 1.3? I'm guessing it will be ABLE to use it. But I don't want to make the mistake of turning it on just to be current, if I then make it impossible to communicate with my servers. Thanks. Rob Arlenn
