########################### START SYSTEM DEFAULTS##########################alias_database = hash:/usr/local/etc/postfix/aliasesalias_maps = hash:/usr/local/etc/postfix/aliasescompatibility_level = 2queue_directory = /var/spool/postfixcommand_directory = /usr/local/sbindaemon_directory = /usr/local/libexec/postfixdata_directory = /var/db/postfixmail_owner = postfixunknown_local_recipient_reject_code = 550mynetworks_style = hostdebug_peer_level = 2debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5sendmail_path = /usr/local/sbin/sendmailnewaliases_path = /usr/local/bin/newaliasesmailq_path = /usr/local/bin/mailqsetgid_group = maildrophtml_directory = nomanpage_directory = /usr/local/mansample_directory = /usr/local/etc/postfixreadme_directory = noinet_protocols = ipv4meta_directory = /usr/local/libexec/postfixshlib_directory = /usr/local/lib/postfixrelay_domains = hash:/usr/local/etc/postfix/transporttransport_maps = hash:/usr/local/etc/postfix/transportvirtual_alias_maps = hash:/usr/local/etc/postfix/virtualsender_bcc_maps = hash:/usr/local/etc/postfix/senderbccrecipient_bcc_maps = hash:/usr/local/etc/postfix/recipientbccsender_canonical_maps = regexp:/usr/local/etc/postfix/sendercanonicalheader_checks = regexp:/usr/local/etc/postfix/header_checks_receivingsmtp_header_checks = regexp:/usr/local/etc/postfix/header_checks_delivering########################### END SYSTEM DEFAULTS##########################myhostname = "SECRET"mydomain = "SECRET"myorigin = $myhostnameinet_interfaces = allmynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.4/32smtpd_banner = "SECRET"message_size_limit = 31200000smtp_tls_security_level = maysmtp_tls_loglevel = 1# END SYSTEM DEFAULTS##########################myhostname = "SECRET"mydomain = "SECRET"myorigin = $myhostnameinet_interfaces = allmynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.4/32smtpd_banner = "SECRET"message_size_limit = 31200000smtp_tls_security_level = maysmtp_tls_loglevel = 1smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1smtp_tls_mandatory_ciphers = mediumsmtp_tls_protocols = $smtp_tls_mandatory_protocolssmtp_tls_ciphers = $smtp_tls_mandatory_cipherssmtpd_use_tls = yessmtpd_tls_auth_only = yessmtpd_tls_loglevel = 1smtpd_tls_received_header = yessmtpd_tls_cert_file = /usr/local/etc/postfix/cert_opn.pemsmtpd_tls_CAfile = /usr/local/etc/postfix/ca_opn.pemsmtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1smtpd_tls_dh1024_param_file = /usr/local/etc/dh-parameters.2048smtpd_tls_mandatory_ciphers = mediumsmtpd_tls_protocols = $smtpd_tls_mandatory_protocolssmtpd_tls_ciphers = $smtpd_tls_mandatory_cipherstls_low_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHAtls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384tls_preempt_cipherlist = nosmtp_sasl_auth_enable = yessmtp_sasl_password_maps = hash:/usr/local/etc/postfix/smtp_authsmtp_sasl_security_options =smtpd_milters = unix:/var/run/rspamd/milter.socknon_smtpd_milters = $smtpd_miltersmilter_protocol = 6milter_default_action = acceptrelay_recipient_maps = hash:/usr/local/etc/postfix/recipient_accesssmtpd_recipient_restrictions = check_recipient_access hash:/usr/local/etc/postfix/recipient_access, reject_unknown_client_hostname, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, reject_unauth_pipelining, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destinationsmtpd_helo_required = yessmtpd_helo_restrictions = permit_mynetworks,
I think the "Allow only TLS" Button is no longer necessary.
smtp_tls_CApath =