-If
-.B nmh
-has been compiled with SASL support, the
-.B \-sasl
-switch will enable
-the use of SASL authentication with the SMTP MTA. Depending on the
-SASL mechanism used, this may require an additional password prompt from the
-user (but the
-.RI \*(lq \&.netrc \*(rq
-file can be used to store this password).
-.B \-saslmech
-switch can be used to select a particular SASL mechanism,
-and the the
-.B \-user
-switch can be used to select a authorization userid
-to provide to SASL other than the default.
-.PP
-If SASL authentication is successful,
-.BR nmh
-will attempt to negotiate a security layer for session encryption.
-Encrypted data is labelled with `(encrypted)' and `(decrypted)' when
-viewing the SMTP transaction with the
-.B \-snoop
-switch.
-.PP
-If
-.B nmh
-has been compiled with TLS support, the
-.B \-tls
-switch will require the negotiation of TLS support when connecting to the
-SMTP MTA. Encrypted data is labelled with `(tls-encrypted)' and
-`(tls-decrypted)' when viewing the SMTP transction with the
-.B \-snoop
-switch.
-.PP