yep, I implemented a quarantine rpm only to check what rspamd rejects as spam, I now deactivated it because I am really confident what rspamd refuses, you cannot read that kind of emails in front of our children, too much instructive
So in clear we refuse spam, we store to junk probable spam, and we soft reject possible spam, before to accept them after two or three attempts. I really love rspamd, spamassassin is mostly dead now
please could you point to the documentation please.
My mind is splitted here, we know that we cannot trust what MTA do with our emails, for example GMAIL is known to read what you send, for giving you back ads. So restrict a protocol for postfix, except for a commercial point of view, I do no understand really. If you care to protect your conversation, please use PGP like I do.
This is not true of course when you are in a direct link between your server and the clients, I mean dovecot, apache, ejabberd (because at the xmpp protocol they get rid of tls1.0) and other services using TLS.
As ever I never owned the truth, so please help me to change my mind
For those who care to change, hardening security of protocol communication, you have a good redhat book also : Securing Applications with TLS in RHEL - Red Hat Customer Portal
EDIT: at NS we are concerned to receive the email, so we use the TLS protocol with the may
option. If the remote smtp cannot use TLS we accept the transaction
# With this, the Postfix SMTP server announces STARTTLS support to
# remote SMTP clients, but does not require that clients use TLS
# encryption:
smtpd_tls_security_level = may