Although, according to the Google Transparency Report for email encryption in transit, most servers support TLS, there are still many that don't, and mandatory TLS will break your email delivery. Also, unlike HTTPS, SMTP doesn't have a strong PKI widely in use. As valid certificates haven't generally been required for either sending or accepting mail, many are using self-signed certificates for their mail servers.
Therefore, opportunistic TLS is still the best choice. That's even said in the documentation for smtpd_tls_security_level:

    may
        Opportunistic TLS: announce STARTTLS support to remote SMTP
        clients, but do not require that clients use TLS encryption.

    encrypt
        Mandatory TLS encryption: announce STARTTLS support to remote SMTP
        clients, and require that clients use TLS encryption. According to RFC
        2487 this MUST NOT be applied in case of a publicly-referenced SMTP
        server. Instead, this option should be used only on dedicated servers.
Ok, RFC 2487 has been obsoleted by RFC 3207, but this part hasn't changed. From section 4:
A publicly-referenced SMTP server MUST NOT require use of the
STARTTLS extension in order to deliver mail locally. This rule
prevents the STARTTLS extension from damaging the interoperability of
the Internet's SMTP infrastructure. A publicly-referenced SMTP
server is an SMTP server which runs on port 25 of an Internet host
listed in the MX record (or A record if an MX record is not present)
for the domain name on the right hand side of an Internet mail
address.
If you want to take a step forward in enforcing TLS on your mail exchange, it's not mandatory TLS encryption. Instead, you could implement DNS-Based Authentication of Named Entities (DANE) lookup for your outbound SMTP: namely RFC 7672 on SMTP Security via Opportunistic DANE TLS. This ensures you won't deliver emails to wrong servers if the recipient has decided to publish information on their accepted certificates. That's configured through smtp_tls_security_level and requires DNSSEC:
smtp_tls_security_level = dane
smtp_dns_support_level = dnssec
If you wish to implement DANE for both outbound and inbound mail, you could read my more comprehensive answer from another question: Enabling TLS/SSL on Postfix.
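The DANE check that Postfix performs with smtp_tls_security_level = dane is, at its core, the TLSA matching rule from RFC 6698 with the SMTP-specific restrictions of RFC 7672. The following is an added example written for this page, not code from the answer above or from Postfix: it parses TLSA records in zone-file form, computes the certificate association data for a presented chain, and reports whether the chain is authenticated by the published records. The "certificates" are constructed byte strings standing in for DER-encoded certificates and SubjectPublicKeyInfo blobs, so no ASN.1 parsing or signature validation happens here; the names SAMPLE_CHAIN, sample_records and check_dane_tlsa are this example's own.

```python
"""Match DANE TLSA records against a presented certificate chain.

Added example (not from the answer above or from Postfix). Implements the
association-data and matching rules of RFC 6698 section 2.1, plus the
SMTP usage rules of RFC 7672. Certificates and SPKI blobs are constructed
byte strings, not real DER; path validation is out of scope.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class TLSARecord:
    usage: int     # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE
    selector: int  # 0 full certificate, 1 SubjectPublicKeyInfo
    mtype: int     # 0 exact match, 1 SHA-256, 2 SHA-512
    data: bytes    # certificate association data


def parse_tlsa(presentation: str) -> TLSARecord:
    """Parse the zone-file form "usage selector mtype hexdata"
    (whitespace inside the hex field, as dig prints it, is allowed)."""
    usage, selector, mtype, hexdata = presentation.split(None, 3)
    return TLSARecord(int(usage), int(selector), int(mtype),
                      bytes.fromhex("".join(hexdata.split())))


def is_usable(rec: TLSARecord) -> bool:
    """RFC 7672: only DANE-TA(2) and DANE-EE(3) are usable for SMTP.
    Unknown selector or matching-type values also make a record unusable."""
    return rec.usage in (2, 3) and rec.selector in (0, 1) and rec.mtype in (0, 1, 2)


def association_data(rec: TLSARecord, cert_der: bytes, spki_der: bytes) -> bytes:
    """What the record's data field must equal for this certificate."""
    selected = cert_der if rec.selector == 0 else spki_der
    if rec.mtype == 0:
        return selected
    if rec.mtype == 1:
        return hashlib.sha256(selected).digest()
    return hashlib.sha512(selected).digest()


def check_dane_tlsa(records, chain) -> str:
    """chain[0] is the (cert_der, spki_der) pair of the leaf, the rest are
    issuers. Returns 'no-usable-records', 'matched' or 'mismatch'."""
    usable = [r for r in records if is_usable(r)]
    if not usable:
        # RFC 7672 section 2.2: TLS is still required, but the peer cannot
        # be authenticated with these records.
        return "no-usable-records"
    leaf_cert, leaf_spki = chain[0]
    for rec in usable:
        if rec.usage == 3:  # DANE-EE: match the leaf directly
            if association_data(rec, leaf_cert, leaf_spki) == rec.data:
                return "matched"
        else:  # DANE-TA: the record names a trust anchor in the chain
            for cert_der, spki_der in chain[1:]:
                if association_data(rec, cert_der, spki_der) == rec.data:
                    # A real client must also verify the leaf chains to it.
                    return "matched"
    return "mismatch"


# Constructed stand-ins for DER blobs (not real certificates).
SAMPLE_LEAF_CERT = b"constructed DER: leaf certificate for mx.example.test"
SAMPLE_LEAF_SPKI = b"constructed DER: leaf SubjectPublicKeyInfo"
SAMPLE_CA_CERT = b"constructed DER: issuing CA certificate"
SAMPLE_CA_SPKI = b"constructed DER: issuing CA SubjectPublicKeyInfo"
SAMPLE_CHAIN = [(SAMPLE_LEAF_CERT, SAMPLE_LEAF_SPKI),
                (SAMPLE_CA_CERT, SAMPLE_CA_SPKI)]


def sample_records():
    """TLSA records a recipient might publish for the constructed chain."""
    return {
        "ee_spki_sha256": parse_tlsa("3 1 1 " + hashlib.sha256(SAMPLE_LEAF_SPKI).hexdigest()),
        "ta_cert_sha512": parse_tlsa("2 0 2 " + hashlib.sha512(SAMPLE_CA_CERT).hexdigest()),
        "pkix_ee": parse_tlsa("1 1 1 " + hashlib.sha256(SAMPLE_LEAF_SPKI).hexdigest()),
        "stale": parse_tlsa("3 1 1 " + "00" * 32),  # digest of a key no longer in use
    }


if __name__ == "__main__":
    for name, rec in sample_records().items():
        print(f"{name:15s} -> {check_dane_tlsa([rec], SAMPLE_CHAIN)}")
```

The "stale" record is the case DANE is meant to catch after a key rollover that was not mirrored in DNS: the connection is refused rather than falling back to unauthenticated delivery. The "pkix_ee" record shows why usage 0 and 1 are pointless for SMTP: a peer that publishes only those is treated as having no usable records, which is why the answer above recommends DANE-EE or DANE-TA records under a DNSSEC-signed zone.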