I have a mail server running on Centos 7.2 which has been working for my LAN
for a long time.
I'm at the point where I have to make it accessible to the internet. At the
moment, access can be insecure but as it's on my LAN it isn't an issue.
However, for internet access I wish to force SSL/TLS. Having read the
documents I think it's as simple as changing 10-ssl.conf from
ssl = yes
to
ssl = required
remote 10.0.0.0/8 {
ssl = yes
}
Am I right in thinking that this would make the global value now force SSL/TLS
to be required, but for my LAN (10.0.0.0/8) override this with the old value
of 'yes'
Is there a better way to do this?
Have I missed anything?
I believe that this means implies
disable_plaintext_auth = no
for all except my LAN. Is that right?