exclude localhost from postfix sasl, tls
due to pci dss check i am trying to allow only secure connections to postfix and exclude sslv2. I've added the following lines to main.cf
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium, high
smtpd_tls_auth_only = yes
smtpd_tls_security_level = encrypt
and now as far as i can see it accepts only TLS connections. Unfortunately i can not connect simply from localhost to 25 and various web apps that do not authenticate locally can not send emails.
So my questions are :
1) how do i allow unencrypted and anonymous connections from localhost (as before)
2) how do instruct dovecot to use encrypted passwords ?
Thank you in advance.