Enforce TLS on incoming mail in Postfix

I want to enable mandatory TLS encryption on outgoing mail for some (not all) domains.

I solved it for incoming mail if I set:

smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

and in tls_policy

example.com encrypt

all connections from the receiving domain example.com are over TLS.

How can I enforce this for outgoing mail for some domains?


Solution 1:

You need to look at the TLS Policy Maps feature. It is designed for that specific scenario. It allows you to specify 'may' or 'must' for separate domains, like this:

example.net           secure  match=example.net:.example.net
anotherexample.net    may

Read more about it here:

http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps
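
A pre-deployment check for the policy table discussed above, as an added example (not from the original post or from Postfix): a small Python linter that flags unknown levels, a `match=` attribute at a level that does not check certificates, and destinations that must be encrypted but are not at a mandatory level. The function names and the sample table are constructed for illustration, and destinations are compared as exact lookup keys only.

```python
import re

# Security levels accepted in smtp_tls_policy_maps, per postconf(5).
LEVELS = {"none", "may", "encrypt", "dane", "dane-only",
          "fingerprint", "verify", "secure"}
# Levels at which mail is deferred rather than sent without TLS.
MANDATORY = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}
# match= only applies where the server certificate is checked.
MATCH_OK = {"fingerprint", "verify", "secure"}

def logical_lines(text):
    """Drop blanks/comments; join lines that start with whitespace."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()   # continuation of previous entry
        else:
            out.append(raw.strip())
    return out

def lint_tls_policy(text, must_enforce=()):
    """Return (destination, problem) tuples for a tls_policy table."""
    problems, seen = [], {}
    for line in logical_lines(text):
        parts = line.split(None, 1)
        dest = parts[0]
        # Level first, then comma/whitespace separated name=value attributes.
        fields = re.split(r"[\s,]+", parts[1]) if len(parts) > 1 else [""]
        level, attrs = fields[0], [f for f in fields[1:] if f]
        seen[dest] = level
        if level not in LEVELS:
            problems.append((dest, f"unknown level {level!r}"))
        elif level not in MATCH_OK and any(a.startswith("match=") for a in attrs):
            problems.append((dest, f"match= is not valid at level {level!r}"))
    for dest in must_enforce:              # exact-key comparison (assumption)
        if seen.get(dest) not in MANDATORY:
            problems.append((dest, "not at a mandatory-TLS level"))
    return problems

# Constructed sample table, not taken from a real server.
SAMPLE = """\
# per-destination outbound TLS policy
example.com   encrypt
example.net   secure
    match=example.net:.example.net
example.org   may match=example.org
example.edu   must
"""
```

Running `lint_tls_policy(SAMPLE, must_enforce=("example.com", "example.org"))` before `postmap /etc/postfix/tls_policy` catches entries that Postfix would otherwise only complain about in the mail log at delivery time.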