Andrew Beverley:
> On Mon, 2015-06-08 at 11:58 -0400, Wietse Venema wrote:
> > What other TLS settings do you consider required? Postfix does not
> > need a client certificate for sending email.
>
> My mistake. I'd added in some of those settings when I couldn't get it
> working. In actual fact I was missing:
>
> smtp_sasl_tls_security_options = noanonymous
>
> it might be worth adding a pointer to that as well (although I realise
> it's covered in the trouble solving section).
OK, I added smtp_tls_security_level and smtp_sasl_tls_security_options.
The default for the latter should be more permissive, but unfortunately
Postfix has no equivalent for the shell's // operator:
smtp_sasl_tls_security_options = ${smtp_sasl_security_options/noplaintext/}
Wietse
