brainsik/main.cf

## main.cf
# client TLS parameters
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_mandatory_ciphers = high
smtp_tls_cert_file=/etc/letsencrypt/live/XXX/fullchain.pem
smtp_tls_key_file=/etc/letsencrypt/live/XXX/privkey.pem
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes

# relay to smarthost
relayhost = [XXX]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_tls_verified_security_options = noanonymous
	# client TLS parameters
	smtp_tls_security_level = secure
	smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
	smtp_tls_mandatory_ciphers = high
	smtp_tls_cert_file=/etc/letsencrypt/live/XXX/fullchain.pem
	smtp_tls_key_file=/etc/letsencrypt/live/XXX/privkey.pem
	smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
	smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
	smtp_tls_loglevel = 1
	smtp_tls_note_starttls_offer = yes

	# relay to smarthost
	relayhost = [XXX]:587
	smtp_sasl_auth_enable = yes
	smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
	smtp_sasl_tls_verified_security_options = noanonymous