enforce TLS on incoming mail in postfix

postfix

I want to enable mandatory TLS encryption on outgoung mail for some (not all) domains.

I solved it for incoming mail if I set: 

smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

and in tls_policy

example.com encrypt

all connections from the receiving domain example.com are over TLS.

How can I enforce this for outgoing mail for some domains?


Solution 1:

You need to look at TLS Policy Maps feature. It is designed for that specific scenario. It allows you to specify 'may' or 'must' to separate domains; like this:

example.net           secure  match=example.net:.example.net
anotherexample.net    may     match=anotherexample.com:.anotherexample.com

Read more about it here:

http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps

Related

How is excess bandwidth distributed in linux htb?
What are the pros/cons of running Chef/Puppet at regular intervals?
Nginx: reverse proxy passing client IP to the server
Credentials management within CI/CD environment
Does a Galera equivalent for Postgres exist? [closed]
System logs are empty (/var/log/messages; /var/log/secure; etc)
2FA via freeRADIUS, ignoring password
Setting up IIS reverse proxy to preserve host headers
Redis: read-only slave vs fail-over slave?
Selective mirroring over FTP
How to add Windows 2019 server to 2008 R2 and migrate DC
MD RAID - disable NCQ