> On Dec 20, 2018, at 12:42 PM, Stefan Bauer <cubew...@googlemail.com> wrote:
>
> I use smtp_tls_security_level = encrypt
The cost of that choice is that you must also have:
main.cf:
indexed = ${default_database_type}:${config_directory}/
smtp_tls_policy_maps = ${indexed}tls-policy
and be prepared to watch your logs and add manual exceptions:
tls-policy:
# Non-mandatory TLS for domains that don't (yet?) have
# working STARTTLS. Perhaps "none" rather than "may" in
# some cases.
#
example.net may
...
--
Viktor.
