On 11/6/2013 4:30 PM, Wietse Venema wrote: > nik600: >> dear all >> >> is possible to force startssl/tls/ssl on sasl login ? > > You can configure Postfix so that it requires STARTTLS before it > announces SASL AUTH support and before it accepts AUTH commands. > > http://www.postfix.org/postconf.5.html#smtpd_tls_auth_only > > Wietse >
Additionally, the master.cf "submission" entry can use "-o smtpd_tls_security_level=encrypt" to require encryption for user submissions. Note: this setting MUST NOT be used in main.cf on an internet facing MX, because many public SMTP servers don't implement TLS. http://www.postfix.org/postconf.5.html#smtpd_tls_security_level -- Noel Jones
