> On Dec 6, 2017, at 10:21 AM, li...@mbchandler.net wrote:
>
> main.cf
> smtpd_tls_security_level = may
>
> smtpd_sender_restrictions =
> check_client_access cidr:/etc/postfix/enforced_inbound_tls.cidr
>
> enforced_inbound_tls.cidr
> 10.0.0.0/8 reject_plaintext_session
>
> My question is, does the following setting in main.cf apply to tls
> connections that are enforced with check_client_access?
No. To configure mandatory TLS for some clients you'd
need a separate TCP endpoint which has security level
"encrypt". They could, for example, use port 587...
--
Viktor.
