Hi, we would like to go the next step, enable smtp_tls_security_level = dane. Currently we have encrypt site-wide.
But in cases where remote sites do not have published key material, the fallback is may with dane, which is a step back in terms of security and not wanted. How can we specify: 1, Always use at least encrypt 2, When TLSA-records are found and valid, use only this to encrypt 3, When no TLSA-records are found or the ones found can not be used, fall back to encrypt, if not possible, fail. *Stefan*