On Tue, 27 Dec 2011 14:07:22 +0100, Jeroen Geilman wrote:
smtpd_tls_auth_only = yes to main.cf; otherwise, all authentication communication is sent "in the clear".
this will only break starttls clients, that means connection must be tls before connection, it will not make plain passwords more secure
