At 15:13 -0700 Mark Edwards wrote:
>> I suspect you don't want tls_{,try_}verify_hosts at all. It's not needed
>> if you are relying on SMTP AUTH by the MUA anyway! It's more useful for
>> MTAs to trust other MTAs.
>
>Okay, that's what I originally suspected. So, is there a way to force
>users to enable SSL in their mail clients? There doesn't appear to be,
>from the documentation.
Well you could try rejecting mail which isn't encrypted with a trivial ACL
