Using: smtpd_tls_security_level = may
(so only want opportunistic encryption, no cert validation, etc) the TLS_README suggests that it's best to just leave blank smtpd_tls_cert_file smtpd_tls_key_file smtp_tls_CAfile/path Question: so then does Postfix use some kind of internally generated self-signed cert? If that's true, I'm a little confused why the TLS_README's quick and dirty section advises to create a cert and configure it in Postfix. Is opportunistic encryption really just a matter of turning the security_level to "may" and that's it? PS - In this scenario, does it help to use smtpd_tls_session_cache_database or not?
