3524b055db
According to
<https://www.postfix.org/postconf.5.html#smtp_tls_security_level>
for outgoing connections with smtp_tls_security_level
`encrypt` and higher (such as `verify` that we currently use)
the setting `smtp_tls_mandatory_protocols`
is used instead of `smtp_tls_protocols`.
According to `postconf -d`
(and `postconf` because the default is not changed)
current setting value is `smtp_tls_mandatory_protocols = >=TLSv1`.
But we only want to connect outside with TLS 1.2 and TLS 1.3.
`smtp_tls_protocols` which was already set to `>= TLSv1.2`
in commit 0155f32df6
only affected outgoing connections with the `may` level
exception set for nauta.cu domain via `smtp_tls_policy_maps`
which does not support STARTTLS at all.
Chatmail relays for end-to-end encrypted email
Chatmail relay servers are interoperable Mail Transport Agents (MTAs) designed for:
-
Zero State: no private data or metadata collected, messages are auto-deleted, low disk usage
-
Instant/Realtime: sub-second message delivery, realtime P2P streaming, privacy-preserving Push Notifications for Apple, Google, and Huawei;
-
Security Enforcement: only strict TLS, DKIM and OpenPGP with minimized metadata accepted
-
Reliable Federation and Decentralization: No spam or IP reputation checks, federating depends on established IETF standards and protocols.
This repository contains everything needed to setup a ready-to-use chatmail relay on an ssh-reachable host. For getting started and more information please refer to the web version of this repositories' documentation at