add short documentation for /etc/pmg/tls_policy

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>

diff --git a/asciidoc/asciidoc-pmg.conf b/asciidoc/asciidoc-pmg.conf
index 3f49d0f0de76f7da3bca32902a333a03f2f05f09..278ffca0f6f75683c3ad953741edeb688f4955ed 100644 (file)
--- a/asciidoc/asciidoc-pmg.conf
+++ b/asciidoc/asciidoc-pmg.conf
@@ -11,6 +11,7 @@ manmanual=Proxmox Mail Gateway Documentation
 max-width=55em
 spamassassin=http://spamassassin.apache.org[SpamAssassin(TM)]
 postfix=http://www.postfix.org[Postfix]
+postfix_tls_readme=http://www.postfix.org/TLS_README.html[Postfix TLS Readme]
 systemd=https://www.freedesktop.org/wiki/Software/systemd/[systemd]
 clamav=https://www.clamav.net[ClamAV(R)]
 debian=https://www.debian.org[Debian]

diff --git a/pmgconfig.adoc b/pmgconfig.adoc
index 2e8c16cbedbb1660eb5561509c7f5cf5ac4ec62f..1db30492aa202b90561845be704bab4acc9057f9 100644 (file)
--- a/pmgconfig.adoc
+++ b/pmgconfig.adoc
@@ -89,6 +89,10 @@ List of local (trusted) networks.
 
 Stores your subscription key and status.
 
+`/etc/pmg/tls_policy`::
+
+TLS policy for outbound connections.
+
 `/etc/pmg/transports`::
 
 Message delivery transport setup.
@@ -324,9 +328,13 @@ the information that is transmitted with SMTP mail. When you activate
 TLS, {pmg} automatically generates a new self signed
 certificate for you (`/etc/pmg/pmg-tls.pem`).
 
-{pmg} uses opportunistic TLS encryption. The SMTP transaction is
+{pmg} uses opportunistic TLS encryption by default. The SMTP transaction is
 encrypted if the 'STARTTLS' ESMTP feature is supported by the remote
-server. Otherwise, messages are sent in the clear.
+server.  Otherwise, messages are sent in the clear.
+You can set a different TLS policy per desitination domain, should you for
+example need to prevent e-mail delivery without encryption, or to work around
+a broken 'STARTTLS' ESMTP implementation. See {postfix_tls_readme} for details
+on the supported policies.
 
 Enable TLS logging::