Just did an [emergency] conversion from qmail to Postfix last night, but now I'm getting people complaining that mail client errors are showing up stating "no available encryption methods available". Switch them to use TLS over port 587 and they are fine. From what I read in the docs, I thought I understood that TLS was optional. I have my Postfix configured like this:
#smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_cert_file = /etc/postfix/servercert.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
#smtpd_use_tls = yes
smtp_tls_security_level = may
#smtp_use_tls = no
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
disable_vrfy_command = yes
mynetworks = , 127.0.0.0/8, [::1]/128, 24.63.242.15/32
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
The docs seem to indicate that setting smtpd_tls_security_level to "may" makes TLS optional. Is this correct, or am I misunderstanding something?
Basically I'm trying to avoid forcing users to change their mail client settings [previously using port 587 and in some cases no TLS].
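
One way to check what the server really offers on a port, as an added example that is not part of the original post: parse the EHLO reply seen before and after STARTTLS and report whether TLS is announced and whether AUTH is available without it. The sample replies, the host name mail.example.com and the function names are constructed for illustration.

```python
import re

# Constructed EHLO reply: STARTTLS announced, AUTH also offered in cleartext.
BEFORE_TLS = """250-mail.example.com
250-PIPELINING
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME"""

# Constructed: a server that hides AUTH until the session is encrypted.
AUTH_HIDDEN = """250-mail.example.com
250-STARTTLS
250 8BITMIME"""
AFTER_TLS = """250-mail.example.com
250-AUTH PLAIN LOGIN
250 8BITMIME"""

def parse_ehlo(reply):
    """Turn a 250 EHLO reply into {KEYWORD: set(parameters)}."""
    caps = {}
    for i, line in enumerate(reply.strip().splitlines()):
        m = re.fullmatch(r"250[- ](.*)", line.strip())
        if m is None:
            raise ValueError(f"not a 250 EHLO line: {line!r}")
        if i == 0:
            continue  # first line is the server greeting, not a capability
        # Legacy "AUTH=PLAIN LOGIN" form is the same list as "AUTH PLAIN LOGIN".
        words = re.sub(r"^AUTH=", "AUTH ", m.group(1), flags=re.I).split()
        if words:
            caps.setdefault(words[0].upper(), set()).update(w.upper() for w in words[1:])
    return caps

def tls_posture(before_tls, after_tls=None):
    """Summarise STARTTLS/AUTH availability from one or two EHLO replies."""
    before = parse_ehlo(before_tls)
    after = parse_ehlo(after_tls) if after_tls else {}
    auth_clear = sorted(before.get("AUTH", ()))
    auth_tls = sorted(after.get("AUTH", ()))
    if "STARTTLS" not in before:
        verdict = "plaintext only"
    elif auth_clear:
        verdict = "TLS optional, AUTH allowed without TLS"
    elif auth_tls:
        verdict = "TLS optional for mail, AUTH requires STARTTLS"
    else:
        verdict = "STARTTLS offered, no AUTH seen"
    return {"starttls_offered": "STARTTLS" in before,
            "auth_without_tls": auth_clear, "auth_after_tls": auth_tls, "verdict": verdict}
```

The replies to feed in can be captured by sending EHLO in a plain session to the port, and again inside `openssl s_client -starttls smtp -connect host:587`.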