On 29/12/2018 13:59, Patrick Ben Koetter wrote: > * John Fawcett <j...@voipsupport.it>: >> The first one is to leave an explicit trace in the log when starttls is >> enforced (for example on the submission port) but the client does not >> issue STARTTLS. > Have you tried to set reject_plaintext_session and trace its error message in > the log? > > p@rick > > > Thanks Patrick, as far as I can see that restriction does not have effect when smtpd_tls_security_level=encrypt on the submission port, since the error on lack of STARTTLS happens before evaluation of the restrictions. If I put smtpd_tls_security_level=may then AUTH is offered over an unencrypted connection.
John
