>>> master.cf: >>> >>> submission inet n - n - - smtpd >>> -o smtpd_sasl_auth_enable=yes >>> -o >>> smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject > > > You should also have: > > smtpd_tls_security_level=encrypt > > for the submission service...
Thank you but if I do that I won't be able to connect from Squirrelmail which does not currently support STARTTLS. Squirrelmail is on the same machine as postfix so TLS isn't necessary there anyway. Because authentication requires TLS and submission requires authentication if you aren't in mynetworks, I'm effectively requiring TLS for submission if you aren't in mynetworks, correct? - Grant
