[Email] - Enforce TLS for postfix #798
Reference: Disroot/Disroot-Project#798
According to postfix documentation
That basically means in order to ensure mail delivery non-tls connections should be allowed. "Usuário" on xmpp muc has raised an interesting point and I wonder.
🤔 In 2024 who does not use tls on their server except for spammers? Perhaps we could enforce it? We should dig deeper and weigh all the pros and cons of a switch. This is not critical so we have enough time to debate, research and make a decision.
Ok. My bad here.
Recently we have switched to DANE for smtp_tls_security_level #755
As per documentation, postfix uses mandatory TLS when TLSA record is found for the server, and if not it falls back to opportunistic TLS. This solution is the best imo as it pushes the adoption of DANE.
So this could be closed unless anyone has any more input.
More info:
https://github.com/internetstandards/toolbox-wiki/blob/main/DANE-for-SMTP-how-to.md
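
One way to put numbers on the question raised in this thread is to check the outbound mail log for destinations that still receive mail without TLS. The script below is an added example, not part of the original issue or of Disroot's tooling; it assumes `smtp_tls_loglevel = 1` so that Postfix logs a handshake summary line, the log lines are constructed samples, and the pid/relay correlation is a heuristic.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of Postfix smtp(8) client log lines (not real traffic).
SAMPLE = """\
Jan 10 10:00:01 mail postfix/smtp[1201]: Verified TLS connection established to mx.dane.example[192.0.2.10]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jan 10 10:00:02 mail postfix/smtp[1201]: 4A1B2C3D4E: to=<a@dane.example>, relay=mx.dane.example[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jan 10 10:00:05 mail postfix/smtp[1202]: Untrusted TLS connection established to mx.noca.example[192.0.2.20]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 10:00:06 mail postfix/smtp[1202]: 5B2C3D4E5F: to=<b@noca.example>, relay=mx.noca.example[192.0.2.20]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jan 10 10:00:09 mail postfix/smtp[1203]: 6C3D4E5F60: to=<c@legacy.example>, relay=mx.legacy.example[192.0.2.30]:25, delay=0.5, delays=0.1/0/0.2/0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
""".splitlines()

# Handshake summary: "<level> TLS connection established to host[addr]:port:"
TLS_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: (\w+) TLS connection established to (\S+\]):\d+:")
# Successful delivery: recipient domain and the relay it was handed to.
SENT_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: \w+: to=<[^>@]*@([^>]+)>,.*?relay=(\S+\]):\d+,.*?status=sent")


def tls_by_domain(lines):
    """Map recipient domain -> Counter of TLS levels on successful deliveries."""
    handshakes = {}  # (smtp pid, relay) -> level of the most recent handshake
    result = defaultdict(Counter)
    for line in lines:
        m = TLS_RE.search(line)
        if m:
            handshakes[(m.group(1), m.group(3))] = m.group(2)
            continue
        m = SENT_RE.search(line)
        if m:
            pid, domain, relay = m.groups()
            # Heuristic: no handshake logged by this process for this relay
            # means the message left in cleartext.
            level = handshakes.get((pid, relay), "cleartext")
            result[domain.lower()][level] += 1
    return result


def cleartext_domains(lines):
    """Domains that would stop receiving mail if TLS were made mandatory."""
    return sorted(d for d, c in tls_by_domain(lines).items() if c["cleartext"])


if __name__ == "__main__":
    for domain, levels in sorted(tls_by_domain(SAMPLE).items()):
        print(domain, dict(levels))
    print("cleartext only:", cleartext_domains(SAMPLE))
```

Deliveries that reuse a cached connection may not have a handshake line in the same process, so treat a "cleartext" result as a candidate to confirm rather than proof.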