> On Dec 20, 2018, at 12:42 PM, Stefan Bauer <cubew...@googlemail.com> wrote: > > I use smtp_tls_security_level = encrypt
The cost of that choice is that you must also have: main.cf: indexed = ${default_database_type}:${config_directory}/ smtp_tls_policy_maps = ${indexed}tls-policy and be prepared to watch your logs and add manual exceptions: tls-policy: # Non-mandatory TLS for domains that don't (yet?) have # working STARTTLS. Perhaps "none" rather than "may" in # some cases. # example.net may ... -- Viktor.