> On Sep 19, 2016, at 12:05 PM, Viktor Dukhovni <postfix-us...@dukhovni.org>
> wrote:
>
> Outbound TLS policy by sender is not directly supported, but
> if you're willing to configure separate transports for sufficiently
> large groups of users that desire the same outbound TLS policy, you
> can employ:
>
>
> http://www.postfix.org/postconf.5.html#sender_dependent_default_transport_maps
>
> to route their outbound email via an appropriate transport.
One thing that would make it easier to implement more flexible
policy in this space would be a new "DEFAULT <transport>[:<nexthop>]"
access(5) action.
This would be similar in spirit to "FILTER" but would only override
the default transport selection, rather than force all recipients
through the selected transport as with "FILTER".
It would then be possible for policy services to select the default
transport via any combination of message envelope properties. Or
for header checks to do likewise based on headers found in the message.
--
Viktor.
