smtp_tls_cert_file = /etc/postfix/ssl/postfix.pem
smtpd_tls_cert_file = /etc/postfix/ssl/postfix.pem
smtp_tls_note_starttls_offer = yes
{
# see http://www.postfix.org/postconf.5.html#smtp_tls_security_level
# *smtp_use_tls = yes (default no) is the deprecated opportunistic option,
# equivalent to smtp_tls_security_level = may
# *smtp_enforce_tls = yes (default no) is also deprecated;
# it would require TLS, require that the remote SMTP server hostname matches
# the information in the remote server certificate, and that the remote SMTP server certificate
# was issued by a CA that is trusted by the Postfix SMTP client
}smtp_tls_security_level = {
  # Template fragment: the value assigned to $OUT becomes the setting of
  # smtp_tls_security_level in the generated Postfix configuration.

  # Smarthost setting; an unset or false $SMTPSmartHost is treated as "off".
  my $smarthost = $SMTPSmartHost || "off";
  # Userid entry of the smtp-auth-proxy hash; empty string when unset or false.
  my $userid = ${'smtp-auth-proxy'}{'Userid'} || "";
  # Configured level from the postfix hash; falls back to opportunistic "may".
  # NOTE(review): the configured value is emitted as-is, with no check against
  # the levels Postfix accepts -- confirm it is validated where it is stored.
  my $tls_security_level = $postfix{'tls_security_level'} || "may";
  # With a smarthost and a Userid both set, the level is forced to "encrypt",
  # presumably so that relay credentials are never sent over a cleartext
  # session -- TODO confirm intent.
  # NOTE(review): this assignment replaces whatever was configured, so a
  # stricter level such as "verify" or "secure" is lowered to "encrypt", which
  # makes TLS mandatory but does not authenticate the smarthost certificate.
  # Confirm whether a stricter configured level should be preserved here.
  $tls_security_level = "encrypt" if ($smarthost ne "off" && $userid ne "");
  $OUT = $tls_security_level;
}
smtp_tls_enforce_peername = {
  # Emits 'yes' when the tls_enforce_peername entry of the postfix hash is
  # "yes" or is unset/false (the fallback is 'yes'); any other value emits 'no'.
  # NOTE(review): per postconf(5), a non-empty smtp_tls_security_level
  # overrides the obsolete smtp_use_tls, smtp_enforce_tls and
  # smtp_tls_enforce_peername parameters, and this template always emits a
  # non-empty level. This line therefore likely has no effect; peer name
  # checking would need the "verify" or "secure" level -- confirm.
  (($postfix{'tls_enforce_peername'}||'yes') eq "yes")? 'yes' : 'no'; }
{
# keeping default for this one
# smtp_tls_ciphers = medium
}{
# keeping default for this one
# smtp_tls_protocols = !SSLv2, !SSLv3 
# smtp_tls_protocols = >=TLSv1
}smtp_tls_loglevel = 1 
