> > 1) Configure the Postfix SMTP client to REQUIRE TLS.
> > ? ? smtp_tls_security_level=encrypt
> no - as i said, my filer has own rules and can be based on recipient, sender, or a combination of both - postfix cant do this, or at least not without different policy servers
> > 2) Configure the Postfix SMTP server to reject mail that
> > ???cannot be delivered via SMTP-over-TLS.
> > ? ? smtpd_recipient_restrictions =
> > ??? reject_unverified_recipient
> > ??? permit_mynetworks
> > ??? reject_unauth_destination
> again, doesnt work - as i said i want this policy based in an existing filter - therefor i asked for a CMD app to check the existing of TLS myself
> I know about all the difficulties with MX lookup etc, the original
> goal would be - that i have a policy for external domains - and
> that for certain domains a message should only be sent if TLS is
> available - if a message to a certain domain is sent which does
> not support TLS - it should be blocked -
You can configure reject_unverified_recipient to use a message
delivery transport that requires TLS, even when normal mail deliveries
don't require it:
address_verify_transport_maps = hash:/etc/postfix/verify_transport
smtp-tls-required unix - - - - - smtp
Then, you can invoke reject_unverified_recipient SELECTIVELY
for the domains that need TLS.