We have a few companies that we need to have ALL email traffic encrypted with. We can no longer 'blindly trust' the end user not to include sensitive information in email. A VPN would be an easier solution, but it's not an option at this point.
So, the outbound appears to be simple:

    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

with

    domain.com     encrypt
    .domain.com    encrypt

Basically, if the email is destined for THIS (or these) domain(s), enforce encryption. If we cannot, immediately return the email. But how do I enforce email connections FROM specific sites (IPs) to be encrypted, i.e. reject_if_NOT_tls_connection?

Vernon
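One way to do the inbound side, as an added configuration example that is not from the original post: Postfix's reject_plaintext_session restriction, returned from a cidr: access map so that only the listed client networks are forced to use TLS. The file paths, certificate locations and the 192.0.2.0/24 and 198.51.100.10 addresses are placeholders to be replaced with the partner sites' real values.

```ini
# /etc/postfix/main.cf (relevant settings only; placeholder paths)

# Offer STARTTLS to every connecting client.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.pem
smtpd_tls_key_file  = /etc/ssl/private/mail.example.key
smtpd_tls_loglevel  = 1

# Keep the default: restrictions are evaluated at RCPT TO, after the client
# has had a chance to issue STARTTLS. With smtpd_delay_reject = no the client
# restriction would run at CONNECT time, before any session could be
# encrypted, and every listed client would be refused.
smtpd_delay_reject = yes

# Look up the connecting client's IP. For listed networks the map returns
# the reject_plaintext_session restriction, which fails the request unless
# the session is already TLS-encrypted. Unlisted clients fall through to
# permit and may still send in plaintext.
smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/tls_required_clients,
    permit

# Outbound side, as already set up in the question: force TLS to the
# partner domains listed in the policy map.
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy


# /etc/postfix/tls_required_clients (cidr: table, read directly, no postmap)
# Placeholder networks standing in for the partner companies' mail servers.
192.0.2.0/24         reject_plaintext_session
198.51.100.10/32     reject_plaintext_session
```

Note that the `encrypt` policy level on the outbound side mandates TLS but accepts any certificate; the `verify` or `secure` levels together with `smtp_tls_CAfile` also authenticate the destination server, which is what protects against an interposed relay rather than only passive reading. Log lines from smtpd at TLS loglevel 1 (and the Postfix reject entries) show which partner connections were refused for arriving unencrypted.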