enforce TLS on incoming mail in postfix
I want to enable mandatory TLS encryption on outgoing mail for some (not all) domains.
I solved it for incoming mail if I set:
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
and in tls_policy
example.com encrypt
all connections from the receiving domain example.com are over TLS.
How can I enforce this for outgoing mail for some domains?
Solution 1:
You need to look at the TLS Policy Maps feature. It is designed for that specific scenario. It allows you to specify 'may' or 'must' for separate domains, like this:
example.net secure match=example.net:.example.net
# opportunistic TLS; Postfix does not accept match= at the "may" level
anotherexample.net may
Read more about it here:
http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps
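A lint for the per-domain policy table discussed above, as an added example that is not part of the original question or answer. The function names `lint_tls_policy` and `sample_policy` and the domains `legacy.example` and `partner.example` are constructed for illustration, and the script assumes one table entry per line (no continuation lines).

```shell
#!/bin/sh
# Added example: lint a Postfix smtp_tls_policy_maps source file (one entry per line).

# lint_tls_policy FILE
# Prints "<destination> <level> enforced|opportunistic|cleartext" per valid entry
# and "line N: <problem>" per invalid one. Returns 1 if any problem was found.
lint_tls_policy() {
    awk '
    BEGIN {
        split("none may encrypt dane dane-only fingerprint verify secure", a, " ")
        for (i in a) known[a[i]] = 1
        # Levels at which delivery is deferred rather than sent in cleartext.
        split("encrypt dane-only fingerprint verify secure", b, " ")
        for (i in b) strong[b[i]] = 1
        # match= is only meaningful where a certificate is checked.
        split("fingerprint verify secure", c, " ")
        for (i in c) pin[c[i]] = 1
    }
    /^[ \t]*(#|$)/ { next }    # comments and blank lines
    {
        level = $2; err = 0
        if (!(level in known)) {
            printf "line %d: unknown level \"%s\"\n", NR, level; bad = 1; next
        }
        for (i = 3; i <= NF; i++)
            if ($i ~ /^match=/ && !(level in pin)) {
                printf "line %d: match= not valid at level %s\n", NR, level
                bad = err = 1
            }
        if (err) next
        mode = (level in strong) ? "enforced" : (level == "none") ? "cleartext" : "opportunistic"
        print $1, level, mode
    }
    END { exit bad }' "$1"
}

# Constructed sample table; the last two entries are deliberately invalid.
sample_policy() {
    cat <<'EOF'
# /etc/postfix/tls_policy (constructed sample)
example.com      encrypt
example.net      secure match=example.net:.example.net
legacy.example   may match=legacy.example
partner.example  must
EOF
}

tmp=$(mktemp) && sample_policy > "$tmp"
lint_tls_policy "$tmp" || echo "tls_policy has invalid entries"
rm -f "$tmp"
```

Run the lint before rebuilding the `hash:` map with `postmap /etc/postfix/tls_policy`, so that a mistyped level is caught before it affects delivery to that destination.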