[pmg-devel] [PATCH pmg-docs 1/2] add short documentation for /etc/pmg/tls_policy

[Stoiko Ivanov]

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
 asciidoc/asciidoc-pmg.conf |  1 +
 pmgconfig.adoc             | 12 ++++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/asciidoc/asciidoc-pmg.conf b/asciidoc/asciidoc-pmg.conf
index 3f49d0f..278ffca 100644
--- a/asciidoc/asciidoc-pmg.conf
+++ b/asciidoc/asciidoc-pmg.conf
@@ -11,6 +11,7 @@ manmanual=Proxmox Mail Gateway Documentation
 max-width=55em
 spamassassin=http://spamassassin.apache.org[SpamAssassin(TM)]
 postfix=http://www.postfix.org[Postfix]
+postfix_tls_readme=http://www.postfix.org/TLS_README.html[Postfix TLS Readme]
 systemd=https://www.freedesktop.org/wiki/Software/systemd/[systemd]
 clamav=https://www.clamav.net[ClamAV(R)]
 debian=https://www.debian.org[Debian]
diff --git a/pmgconfig.adoc b/pmgconfig.adoc
index 2e8c16c..1db3049 100644
--- a/pmgconfig.adoc
+++ b/pmgconfig.adoc
@@ -89,6 +89,10 @@ List of local (trusted) networks.
 
 Stores your subscription key and status.
 
+`/etc/pmg/tls_policy`::
+
+TLS policy for outbound connections.
+
 `/etc/pmg/transports`::
 
 Message delivery transport setup.
@@ -324,9 +328,13 @@ the information that is transmitted with SMTP mail. When you activate
 TLS, {pmg} automatically generates a new self signed
 certificate for you (`/etc/pmg/pmg-tls.pem`).
 
-{pmg} uses opportunistic TLS encryption. The SMTP transaction is
+{pmg} uses opportunistic TLS encryption by default. The SMTP transaction is
 encrypted if the 'STARTTLS' ESMTP feature is supported by the remote
-server. Otherwise, messages are sent in the clear.
+server.  Otherwise, messages are sent in the clear.
+You can set a different TLS policy per desitination domain, should you for
+example need to prevent e-mail delivery without encryption, or to work around
+a broken 'STARTTLS' ESMTP implementation. See {postfix_tls_readme} for details
+on the supported policies.
 
 Enable TLS logging::
 
-- 
2.11.0