Is it possible to have both? letsencrypt for tls on port 25 for remote servers to verify
and tls-require verify auth on port 587 permitting self signed certificates signed by myca only for client authentication without any risk of arbitrary CAs providing forged certificates. Perhaps I can move /etc/ssl/cert.pem, though I guess that may break ftp etc. I am trying to replace ssh for client access to mail as it cannot be as energy efficient considering it is not email client controlled and so more like a VPN I understand email isn't the most secure but for internal comms on controlled servers it is secure and highly functional. Thanks, KC