ncsa / puppet-profile_email


SECURITY-1497: Default smtpd_tls_security_level to none #6

Closed billglick closed 1 year ago

billglick commented 1 year ago

See https://jira.ncsa.illinois.edu/browse/SECURITY-1497

This is a follow-up to #5, which optionally allows hosts within a cluster to relay SMTP traffic. Apparently the default setting for smtpd_tls_security_level is to use may, which turns on 'Opportunistic TLS'. See https://www.postfix.org/postconf.5.html#smtpd_tls_security_level. That ends up enabling TLS with generic certificates which would not be set up on a server. So in general we want to set smtpd_tls_security_level to none, disabling TLS. If TLS is needed, then it can be manually set.

This is being tested on control-test-rhel84b.
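
A check for the condition described in the comment above, as an added example that is not part of the original pull request or the puppet-profile_email module: it parses main.cf text and reports whether smtpd TLS is enabled with a certificate the site did not provision on purpose. The sample file contents, the certificate path and the `managed_certs` allow-list are constructed assumptions; `-o` overrides in master.cf are not considered.

```python
# Added example: audit main.cf text for the smtpd TLS settings discussed above.
# All sample contents and paths below are constructed, not from a real host.
CERT_PARAMS = ("smtpd_tls_cert_file", "smtpd_tls_eccert_file", "smtpd_tls_chain_files")

SAMPLE_OPPORTUNISTIC = (
    "# cluster relay (constructed sample)\n"
    "mynetworks = 127.0.0.0/8\n"
    "    10.0.0.0/24\n"
    "smtpd_tls_cert_file = /example/generic.pem\n"
    "smtpd_tls_security_level = may\n"
)
SAMPLE_DISABLED = SAMPLE_OPPORTUNISTIC + "smtpd_tls_security_level = none\n"


def parse_main_cf(text):
    """Parse main.cf: skip '#' and blank lines, join lines that start with
    whitespace onto the previous parameter, let later assignments win."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current:  # continuation of the previous logical line
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()
    return params


def audit_smtpd_tls(text, managed_certs=frozenset()):
    """Return (status, level, cert_paths). managed_certs is a hypothetical
    allow-list of certificate paths the site provisions on purpose."""
    params = parse_main_cf(text)
    level = params.get("smtpd_tls_security_level")
    certs = [p for k in CERT_PARAMS for p in params.get(k, "").replace(",", " ").split()]
    if level is None:
        status = "unset"  # effective value comes from Postfix's built-in default
    elif level == "none":
        status = "disabled"
    elif any(c in managed_certs for c in certs):
        status = "enabled-managed-cert"
    else:
        status = "enabled-unmanaged-cert"
    return status, level, certs


if __name__ == "__main__":
    for name, sample in (("opportunistic", SAMPLE_OPPORTUNISTIC), ("disabled", SAMPLE_DISABLED)):
        print(name, audit_smtpd_tls(sample))
```

On a live host the output of `postconf -n` uses the same `name = value` form and can be passed to `audit_smtpd_tls` directly.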