Unless I'm confused, it seems the description of the smarthosts smtps and smtp+tls are revered in the smtpd.conf man page.
My log seemed to back this up. When using smtp+tls, which the man page said uses STARTTLS but seems to actually use TLS which my ISP does not: Oct 21 21:42:58 ember smtpd[41596]: ca9dba5e7f80e6ca mta connecting address=smtp+tls://68.87.20.6:465 host=omta-ch2.sys.comcast.net Oct 21 21:42:58 ember smtpd[41596]: ca9dba5e7f80e6ca mta connected Oct 21 21:43:59 ember smtpd[41596]: ca9dba5e7f80e6ca mta error reason=Connection closed unexpectedly And with smtps, which the man page said uses TLS, logs show STARTTLS: Oct 21 22:02:06 ember smtpd[66745]: a9193b70dbc40df0 mta connecting address=smtps://68.87.20.6:465 host=omta-ch2.sys.comcast.net Oct 21 22:02:06 ember smtpd[66745]: a9193b70dbc40df0 mta connected Oct 21 22:02:06 ember smtpd[66745]: a9193b70dbc40df0 mta starttls ciphers=version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256 Oct 21 22:02:06 ember smtpd[66745]: smtp-out: Server certificate verification succeeded on session a9193b70dbc40df0 A diff to swap the descriptions and reorder to group STARTLS and TLS smarthosts together. Tim. Index: smtpd.conf.5 =================================================================== RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v retrieving revision 1.206 diff -u -p -r1.206 smtpd.conf.5 --- smtpd.conf.5 8 Oct 2018 06:10:17 -0000 1.206 +++ smtpd.conf.5 22 Oct 2018 23:52:25 -0000 @@ -244,14 +244,14 @@ The following protocols are available: .It smtp Normal SMTP session with opportunistic STARTTLS (the default). -.It smtp+tls +.It smtps Normal SMTP session with mandatory STARTTLS. +.It smtp+tls +SMTP session with forced TLS on connection. .It smtp+notls Plain text SMTP session without TLS. .It lmtp LMTP session. -.It smtps -SMTP session with forced TLS on connection. .El .Pp The