On 7/30/2014 11:43 PM, Patrick Ben Koetter wrote:
>
> We have a few customers who must ensure that some parties use encrypted
> transport when sending messages to them. I'm looking for a mechanism to enforce
> that on the default MX channel. It seems easier than spending hours telling
> their operators how to configure their MTA to route messages to a dedicated
> IP/port.
>

You can do that much already.

# somewhere in main.cf
  check_sender_access hash:/path/to/tls_required

# tls_required
example.com  reject_plaintext_session

The real problem is this doesn't/can't enforce the From: header, which
is the only thing the end-user will eventually see. Verifying the
client can't fix that.

  -- Noel Jones
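
The limitation described in the reply above, as an added example that is not part of the original post and not Postfix code: a simplified Python model of the sender access lookup, run over constructed sessions, that shows which plaintext deliveries are rejected and which are accepted while still displaying a TLS-required domain in From:. It assumes exact domain matching on the envelope sender; the function names and sample addresses are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for the tls_required table from the post.
TLS_REQUIRED = {"example.com": "reject_plaintext_session"}


def domain_of(address):
    """Lower-cased domain of an address, or '' when there is none."""
    addr = parseaddr(address or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def evaluate(envelope_sender, tls_active, raw_message):
    """Assumed model: only the envelope sender domain is looked up (exact match)."""
    header_from = message_from_string(raw_message).get("From", "")
    action = TLS_REQUIRED.get(domain_of(envelope_sender))
    rejected = action == "reject_plaintext_session" and not tls_active
    # Gap: accepted over plaintext, yet the From: header the user sees
    # names a domain that is listed as TLS-required.
    gap = (not rejected and not tls_active
           and domain_of(header_from) in TLS_REQUIRED)
    return {"rejected": rejected, "header_from_gap": gap}


def sample_results():
    """Run the model over constructed sessions (not real traffic)."""
    msg = "From: Alice <alice@example.com>\nSubject: report\n\nbody\n"
    other = "From: bob@example.org\nSubject: hi\n\nbody\n"
    cases = [
        ("alice@example.com", False, msg),          # listed sender, plaintext
        ("alice@example.com", True, msg),           # listed sender, TLS
        ("bounce@mailer.example.net", False, msg),  # unlisted envelope sender
        ("bob@example.org", False, other),          # unrelated domain
    ]
    return [evaluate(*c) for c in cases]


if __name__ == "__main__":
    for result in sample_results():
        print(result)
```

The third case is the one the reply points at: the table never sees the header, so a check on From: would have to happen elsewhere in the mail path.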