Patryk R. wrote:
> Hello,
>
> I'm sorry if this is a newbie question. I'm trying to enforce TLS for all outgoing
> messages, my first attempt was to add to acl_check_rcpt:
> deny message = TLS is required
> domains = +local_domains
> condition = ${if eq{$tls_cipher}{}{yes}{no}}
>
> However this filtered out all incoming messages as well. My second attempt was to modify
> the dnslookup router, because all outgoing messages go through it. Here's how it looks
> like now:
>
You should use "sender_domains = +local_domains" because what you want
is limiting usage of your domains for outgoing mails
Also you can even refine the rule a little bit more by adding
either (if you use IP to determine relaying authorization)
hosts = +relay_from hosts
either (if you use authentication to determine relaying authorization)
authenticated = *