DevHeads.net

Enforced inbound TLS ciphers

I'm enforcing inbound TLS from my internal network with these settings:

main.cf
smtpd_tls_security_level = may

smtpd_sender_restrictions =
check_client_access cidr:/etc/postfix/enforced_inbound_tls.cidr

enforced_inbound_tls.cidr
10.0.0.0/8 reject_plaintext_session

My question is, does the following setting in main.cf apply to tls
connections that are enforced with check_client_access? If yes, then is
there a way to set this to low for a particular IP or subnet, and leave
it to medium for everybody else?

smtpd_tls_mandatory_ciphers = low