Harakiri: > I know about all the difficulties with MX lookup etc, the original > goal would be - that i have a policy for external domains - and > that for certain domains a message should only be sent if TLS is > available - if a message to a certain domain is sent which does > not support TLS - it should be blocked - i know i could probably
In that case, everything you need already exists. 1) Configure the Postfix SMTP client to REQUIRE TLS. smtp_tls_security_level=encrypt 2) Configure the Postfix SMTP server to reject mail that cannot be delivered via SMTP-over-TLS. smtpd_recipient_restrictions = reject_unverified_recipient permit_mynetworks reject_unauth_destination See also: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient http://www.postfix.org/ADDRESS_VERIFICATION_README.html#caching Wietse