On Wed, 17 Jul 2013 13:37:53 +0000, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > The suggestion is I believe to use smtp_tls_policy_maps to ensure > that TLS is used for destinations where you will be using plaintext > authentication.
Thanks, I think I understand now: main.cf (or a few -o in master.cf's submission service): smtp_sasl_security_options = noanonymous smtp_tls_security_level = must smtp_tls_policy_maps = hash:blah blah: [127.0.0.1] none This is indeed closer to the mental picture I had of the solution (host-based lookup), but I didn't notice the need for a laxist smtp_sasl_security_options value. I've the idea to someday move my postfix setup to a server also sending & receiving mails for its own domain. Is it a bad idea (error-prone) to mix both of those use cases on a single postfix, generally speaking ? If I understand correctly, a setup with both roles would need your initial suggestion (which I setup successfully before noticing the second reply). Regards, -- Vincent Pelletier
