This question is answered regularly on this list. http://www.postfix.org/TLS_README.html#server_cipher
> By default anonymous ciphers are enabled. … One can't force a remote
> SMTP client to check the server certificate, so excluding anonymous
> ciphers is generally unnecessary.