It seems like the whole world has gone crazy with TLS enforce requirements.
We have been running with opportunistic TLS for ages, even before Brightmail and never thought twice about it. We have other solutions for *real* email encryption.
Recently it seems many companies have "discovered" TLS and they think that this is some kind of a super-duper new technology. Some large companies even have entire departments dedicated to TLS. And then they send us a long list of their domains to which they want us to enforce TLS, or else they won't do business with us.
So I go to Protocols/Domains and add their domains as non-local, with the require TLS option.
But eventually the list of domains there has grown quite large (170 entries currently). And now each time I go to Protocols/Domains, it takes a loooong time to display them.
But that's not the bad part. The bad part is that each time I add a new domain to the list (or edit an existing entry), I start getting alerts from our Brightmail scanner appliances saying that they crashed and/or a bad message was De-queued.
It seems Brightmail can only handle so few entries in the Protocols/Domains list before it starts throwing fits when you add one more entry.