diff --git a/vm-postfix-config-sender/main.cf b/vm-postfix-config-sender/main.cf
index c4e994063..cf74d122f 100644
--- a/vm-postfix-config-sender/main.cf
+++ b/vm-postfix-config-sender/main.cf
@@ -40,7 +40,6 @@ inet_interfaces = all
 
 #STARTTLS EVERYWHERE MAGIC STARTS HERE
 smtp_tls_policy_maps = texthash:/etc/postfix/tls_policy
-smtpd_tls_loglevel = 1
-smtpd_tls_received_header = yes
 
 smtp_tls_loglevel = 1
+smtp_tls_security_level = may
diff --git a/vm-postfix-config-sender/tls_policy b/vm-postfix-config-sender/tls_policy
index f8d6a4968..af948c5e7 100644
--- a/vm-postfix-config-sender/tls_policy
+++ b/vm-postfix-config-sender/tls_policy
@@ -1 +1 @@
-valid-example-recipient.com encrypt protocols=TLSv1.1
+#valid-example-recipient.com encrypt protocols=TLSv1.1
diff --git a/vm-postfix-config-valid/main.cf b/vm-postfix-config-valid/main.cf
index 140b6f35d..a5f7ce575 100644
--- a/vm-postfix-config-valid/main.cf
+++ b/vm-postfix-config-valid/main.cf
@@ -38,5 +38,9 @@ mailbox_size_limit = 0
 recipient_delimiter = +
 inet_interfaces = all
 
+# STARTLS Everywhere recommended best-practice settings
+smtpd_tls_session_cache_timeout = 3600s
+smtpd_tls_received_header = yes
+
 #STARTTLS EVERYWHERE MAGIC STARTS HERE
 smtp_tls_policy_maps = texthash:/etc/postfix/tls_policy