SOLVED /// I think

Good afternoon,

I've set up a postfix server according to these instructions: http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu-10.04

It's working well. I've also enabled opportunistic TLS, but I'm trying to figure out if I can enforce TLS on outbound mail and leave inbound mail with opportunistic TLS. Can anyone point me in the right direction?

/edit

It's only certain domains I need to enforce for. This command seems to be what I'm after:

smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

but I'm buggered if I can find the right syntax for the tls_policy file; everything I try stops postfix delivering altogether.

/edit edit edit

Think I've got it. This parameter in postfix/main.cf does the trick:

smtp_tls_security_level = encrypt

This means that the server will accept any mail inbound but will only send mail to TLS-enabled servers. Not suitable for everyone, but as this server was only ever intended to relay mail to certain domains that we know are TLS enabled, it works for us.

Also, I used this on a test server first and discovered that the server tries to deliver the mail to amavis, but amavis doesn't do TLS, so the mail bounced. Was fine once I disabled amavis. It's also fine delivering to servers that have amavis on them, just don't have this rule on the same server as amavis.
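
The per-domain setup the post was originally after, as an added example that is not part of the original post: outbound TLS stays opportunistic by default and is enforced only for listed destinations through smtp_tls_policy_maps. The domains example.com, example.org and mail.example.net are constructed placeholders, and the amavis address [127.0.0.1]:10024 is an assumption (the usual amavisd-new default), not a value taken from the post.

```ini
# --- /etc/postfix/main.cf ---
# Outbound default: use TLS when the remote server offers it.
smtp_tls_security_level = may
# Per-destination overrides (the parameter named in the post).
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
# Inbound stays opportunistic.
smtpd_tls_security_level = may

# --- /etc/postfix/tls_policy ---
# One entry per line: <next-hop destination> <whitespace> <security level>
# The key has to match the next hop exactly as Postfix uses it for delivery.

# Mail for this recipient domain is never sent in the clear.
example.com             encrypt
# A leading dot matches subdomains only, not example.org itself.
.example.org            encrypt
# Bracketed form, needed when a transport or relayhost entry uses [host]:port.
[mail.example.net]:587  encrypt
# Local hand-off to a content filter that does not speak TLS (assumed address).
[127.0.0.1]:10024       none

# --- after every edit of tls_policy ---
# Rebuild the hash table, reload, then confirm the lookup returns "encrypt":
#   postmap /etc/postfix/tls_policy
#   postfix reload
#   postmap -q example.com hash:/etc/postfix/tls_policy
```

A hash: table that was edited but not rebuilt with postmap is a common reason delivery stops after adding a policy map. With the global smtp_tls_security_level = encrypt from the post, the same `none` entry is the piece that would exempt the local amavis hop.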