MTA-STS is not the only technique; DANE (RFC 7672) can be used, too (and in fact it is by many big German providers at least).
See these slides for an introduction:
https://www.netnod.se/sites/default/files/2016-12/Anders_Berggren_can_haz_secure_mail.pdf

Or this Wikipedia page:
https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities#Email_encryption

- Thilo

On Thursday, 15 August 2019, 10:44:16 CEST, a wrote:
> You can't enforce remote peer to use SSL unless that peer is under your
> control.
>
> Maximum that you can do - enable STARTTLS and configure MTA-STS (rfc8461).
>
> Thu, 15 Aug 2019, 9:53 Eliza <e...@chinabuckets.com>:
> > Hello,
> >
> > My MTA (postfix) has both 25 (non-SSL) and 465 (SSL) ports enabled.
> >
> > How to enforce the peer MTA send messages only to 465 port for better
> > secure communication?
> >
> > Can I just shut down port 25?
> >
> > Thanks.