I am trying to force submission (with SMTP auth via SASL) clients on tcp/587 to use TLS. Is there any way to do this? I ran across smtp_enforce_tls, but this seems to force any and all SMTP clients to use TLS, which is not what I want (this is a public-facing machine).
Will I need to implement some type of submission policy like this or am I understanding the policy structure incorrectly?

<snip from http://www.postfix.org/TLS_README.html>

/etc/postfix/main.cf:
    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

/etc/services:
    submission      587/tcp         msa             # mail message submission

/etc/postfix/tls_policy:
    [example.net]:587 encrypt protocols=TLSv1 ciphers=high
    [example.net]:msa encrypt protocols=TLSv1 ciphers=high
    [example.net]:submission encrypt protocols=TLSv1 ciphers=high

</snip from http://www.postfix.org/TLS_README.html>

kind regards,
Terry