On Wed, Jul 17, 2013 at 08:10:44PM +0200, Vincent Pelletier wrote:
> On Wed, 17 Jul 2013 13:37:53 +0000, Viktor Dukhovni
> <postfix-us...@dukhovni.org> wrote:
> > The suggestion is I believe to use smtp_tls_policy_maps to ensure
> > that TLS is used for destinations where you will be using plaintext
> > authentication.
>
> Thanks, I think I understand now:
> main.cf (or a few -o in master.cf's submission service):
> smtp_sasl_security_options = noanonymous
> smtp_tls_security_level = must
"must" is not a valid value for "smtp_tls_security_level", see the
documentation for details.
> smtp_tls_policy_maps = hash:blah
>
> blah:
> [127.0.0.1] none
Either a secure default and insecure exceptions, or the converse.
--
Viktor.
