When to use mandatory TLS ("encrypt", ...)

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

When to use mandatory TLS ("encrypt", ...)

Viktor Dukhovni
On Wed, Mar 29, 2017 at 06:44:54AM -0700, Den1 wrote:

> Well, Viktor was talking about those:
> smtp_tls_security_level = encrypt -or- secure
> smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
> and my question was about those as well. You may read it once again since
> you have this one set:

You use mandatory TLS when all your mail is sent to a small set of
relay hosts that are known to support TLS.  If these have usable
certificates you can verify, you should consider using "secure" to
guard against active attacks, otherwise use "encrypt".