[CentOS] Forcing TLS for SMTP?

Wed Dec 4 22:15:27 UTC 2019
Richard <lists-centos at listmail.innovate.net>


> Date: Wednesday, December 04, 2019 14:03:10 -0800
> From: Lists <lists at benjamindsmith.com>
>
> I have a goal of securing email. Updated the company mail server
> and DNS (CentOS 7 + Postfix, otherwise pretty stock) with support
> for SPF, DKIM, and DMARC. So far, all good, and everything "just
> works".
>
> Our mail server has supported SMTP / TLS for a long time, but
> recently I've been considering requiring TLS all the time.
>
> Is there anybody here who's done this? Has it caused any particular
> fallout? I'm curious about:
> 
> 1) Requiring SMTP / TLS for any inbound email. 
> 
> 2) Requiring SMTP / TLS for any outbound email. 
> 

As you indicate you have opportunistic TLS now, go back through your
mail logs and see which inbound and outbound connections aren't using
it. You will likely not be able to communicate with the correspondents
involved on those connections if you require TLS on all connections.

   - Richard
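
Added example, not part of the original thread: one way to do the log review suggested above, listing the peers that sent or received mail without a TLS session. It assumes Postfix is logging TLS handshakes (`smtpd_tls_loglevel = 1` and `smtp_tls_loglevel = 1`); the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format (not from a real server).
# Assumes smtpd_tls_loglevel = 1 and smtp_tls_loglevel = 1 so TLS sessions are logged.
SAMPLE_LOG = """\
Dec  4 10:00:01 mx postfix/smtpd[2101]: connect from mail.example.org[192.0.2.10]
Dec  4 10:00:01 mx postfix/smtpd[2101]: Anonymous TLS connection established from mail.example.org[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec  4 10:00:02 mx postfix/smtpd[2101]: 4A1B2C3D4E: client=mail.example.org[192.0.2.10]
Dec  4 10:05:00 mx postfix/smtpd[2101]: connect from old.example.net[198.51.100.7]
Dec  4 10:05:01 mx postfix/smtpd[2101]: 5B2C3D4E5F: client=old.example.net[198.51.100.7]
Dec  4 10:06:00 mx postfix/smtp[2200]: Untrusted TLS connection established to mx.example.com[203.0.113.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec  4 10:06:01 mx postfix/smtp[2200]: 6C3D4E5F60: to=<a@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=1.2, dsn=2.0.0, status=sent (250 ok)
Dec  4 10:07:01 mx postfix/smtp[2200]: 7D4E5F6071: to=<b@legacy.example>, relay=mail.legacy.example[203.0.113.99]:25, delay=0.9, dsn=2.0.0, status=sent (250 ok)
"""

LINE = re.compile(r"postfix/(smtpd|smtp)\[(\d+)\]: (.*)")
PEER = r"(\S+\[[^\]]+\])"          # host[ip] as Postfix prints it

def plaintext_peers(log_text):
    """Return (inbound, outbound) Counters of peers that moved mail without TLS."""
    inbound, outbound = Counter(), Counter()
    tls_peer = {}                  # (daemon, pid) -> peer of the last TLS handshake
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, pid, msg = m.groups()
        key = (daemon, pid)
        tls = re.search(r"TLS connection established (?:from|to) " + PEER, msg)
        if tls:
            tls_peer[key] = tls.group(1)
        elif daemon == "smtpd" and msg.startswith("connect from "):
            tls_peer.pop(key, None)          # every new session starts in plaintext
        elif daemon == "smtpd":
            q = re.match(r"[0-9A-Za-z]+: client=" + PEER, msg)
            if q and tls_peer.get(key) != q.group(1):
                inbound[q.group(1)] += 1     # message accepted over a plaintext session
        else:
            d = re.search(r"relay=" + PEER + r".*status=sent", msg)
            if d and tls_peer.get(key) != d.group(1):
                outbound[d.group(1)] += 1    # delivered without a TLS handshake to that relay
    return inbound, outbound

if __name__ == "__main__":
    for label, peers in zip(("inbound", "outbound"), plaintext_peers(SAMPLE_LOG)):
        for peer, n in peers.most_common():
            print(f"{label:8} {n:5} {peer}")
```

Matching on the daemon PID is a heuristic: it counts only sessions that actually transferred a message, so scanners that connect and leave do not inflate the inbound list.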