So i am using Postfix mail_version = 3.4.14. would like to get an advise on the below 2 settings: smtpd_tls_security_level smtp_tls_security_level i have seen those 2 having in some setups the value "= may" and in some the value "= encrypt" so which is better to use. as a side note i have put "smtpd_tls_security_level = encrypt" on a test server and i have seen a lot of spam mails reduction. guess it is because many servers were not able to authenticate, but i am not sure if this will make us loose legitimate emails. Appreciate if some of the Guru's here could advise . Thanks
Using "may" means transport later encryption can be used; "encrypt" means it is required, ie. you won't be able to send to not receive from servers which do not have encryption. Surely you will see some reduction in spam as well as legitimate mail, and I have no idea to what extent.
There are a lot of misconfigured systems out there, so it is good to make your setup quite accepting.
Thank @Th0m and @Jesse Norell for your replies. So keeping the value as "=may" is better choice. @till i have seen in your that you have uncommented Code: -o smtpd_tls_auth_only=yes while in you Code: -o smtpd_tls_auth_only=yes is not available. is that for a reason?
I think this is more of the standard now, and it was not when writing the guide for Debian 10 - or the option did not exist back then. Enabling this should only force TLS for logins from your clients, so they don't connect through a unencrypted connection - it should not affect the connections from other mailservers.