smtp_tls_security_level = may
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
# smtp_tls_CApath=/etc/ssl/certs
smtp_tls_cert_file = /etc/postfix/smtpd.cert
smtp_tls_key_file = /etc/postfix/smtpd.key
smtp_use_tls = yes
smtp_tls_mandatory_protocols = >=TLSv1
smtp_tls_protocols = >=TLSv1
smtp_sasl_mechanism_filter = !gssapi, !external, static:all
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache