We're currently reviving the STARTTLS Everywhere (https://github.com/EFForg/starttls-everywhere) project at EFF. Some of the features it currently has:
* Know about a set of major email domains that are guaranteed to support STARTTLS, and what mx domains they point to
* Know about the minimum TLS version that those domains are guaranteed to support
* Preliminary integration with the letsencrypt python client, allowing automated installation of a valid cert from Let's Encrypt

The code can currently transform all of the above into tweaks to a postfix configuration. However we quickly ran into what seems to be a bug while trying to pin TLS versions via a policy map file: https://github.com/EFForg/starttls-everywhere/issues/20
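As an added illustration (not code from the STARTTLS Everywhere project), the sketch below renders a constructed policy of domains, MX patterns and minimum TLS versions as entries for a Postfix `smtp_tls_policy_maps` table, using the table's `match` and `protocols` attributes. The policy layout, field names and `.example` domains are assumptions made for this example.

```python
# Added example: render a constructed STARTTLS policy as Postfix
# smtp_tls_policy_maps entries. The policy layout is an assumption,
# not the STARTTLS Everywhere project's own format.
import re

# Postfix protocol names, oldest first.
PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]

# Constructed sample policy (hypothetical domains and field names).
SAMPLE_POLICY = {
    "mail.example": {"mx": [".mx.mail.example"], "min_tls": "TLSv1.1"},
    "corp.example": {"mx": ["mx1.corp.example", "mx2.corp.example"],
                     "min_tls": "TLSv1"},
}

# Hostname or ".suffix" pattern. Rejecting anything else stops a policy
# value containing whitespace from smuggling extra attributes into a line.
_NAME = re.compile(
    r"\.?(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)*[a-z0-9](?:[a-z0-9-]*[a-z0-9])?",
    re.IGNORECASE,
)


def excluded_protocols(min_tls):
    """Return the exclusion list that makes min_tls the lowest allowed protocol."""
    if min_tls not in PROTOCOLS:
        raise ValueError("unknown protocol: %r" % (min_tls,))
    older = PROTOCOLS[:PROTOCOLS.index(min_tls)]
    return ":".join("!" + name for name in older)


def policy_line(domain, entry):
    """Build one policy table line: next-hop domain, level, attributes."""
    for name in [domain] + list(entry["mx"]):
        if not _NAME.fullmatch(name):
            raise ValueError("invalid host name or pattern: %r" % (name,))
    # 'secure' verifies the certificate against the listed MX names only.
    fields = [domain, "secure", "match=" + ":".join(entry["mx"])]
    excluded = excluded_protocols(entry["min_tls"])
    if excluded:  # nothing to exclude when the floor is the oldest protocol
        fields.append("protocols=" + excluded)
    return " ".join(fields)


def render(policy):
    """Render the whole policy, sorted by domain for stable diffs."""
    return "\n".join(policy_line(d, policy[d]) for d in sorted(policy)) + "\n"


if __name__ == "__main__":
    print(render(SAMPLE_POLICY), end="")
```

The rendered text is what a file referenced by `smtp_tls_policy_maps` would contain; for a `hash:` table it is compiled with `postmap` before Postfix reads it.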