-has been compiled with SASL support, the
-.B \-sasl
-switch will enable
-the use of SASL authentication with the SMTP MTA. Depending on the
-SASL mechanism used, this may require an additional password prompt from the
-user (but the
-.RI \*(lq \&.netrc \*(rq
-file can be used to store this password).
-.B \-saslmech
-switch can be used to select a particular SASL mechanism,
-and the the
-.B \-user
-switch can be used to select a authorization userid
-to provide to SASL other than the default.
-.PP
-Currently SASL security layers are not supported for SMTP.
-.BR nmh 's
-SMTP SASL code
-will always negotiate an unencrypted connection. This means that while the SMTP
-authentication can be encrypted, the subsequent data stream can not. This is in
-contrast to
-.BR nmh 's
-POP3 SASL support, where encryption is supported for both the
-authentication and the data stream.
+has been compiled with TLS support, the
+.B \-tls
+switch will require the negotiation of TLS support when connecting to the
+SMTP MTA. Encrypted data is labelled with `(tls-encrypted)' and
+`(tls-decrypted)' when viewing the SMTP transction with the
+.B \-snoop
+switch.