to allow clients you should enable ports submission (587) and submissions (465) in master.cf.
Thanks for your reply. We are already doing that. The main question is just what will break if we allow TLS only. Do you have any experience with this?
Thank you, Asai
