# Postfix & TLS



## ph0enix (Jul 16, 2010)

Hi, I'm trying to figure how to force TLS in Postfix but only for specific mail destinations.  Can I do that?

Thank you! 

J.


----------



## ph0enix (Jul 18, 2010)

The solution was found here:
http://www.postfix.org/TLS_README.html

Example:


```
/etc/postfix/main.cf:
        smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
        # Postfix 2.5 and later
        smtp_tls_fingerprint_digest = md5
    /etc/postfix/tls_policy:
        example.edu             none
        example.mil             may
        example.gov             encrypt protocols=SSLv3:TLSv1 ciphers=high
        example.com             verify     
                match=hostname:dot-nexthop protocols=SSLv3:TLSv1 ciphers=high
        example.net             secure
        .example.net            secure match=.example.net:example.net
        [mail.example.org]:587  secure match=nexthop
        # Postfix 2.5 and later
        [thumb.example.org]         fingerprint
        	match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
    	match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
        # Postfix 2.6 and later
        example.info            may protocols=!SSLv2 ciphers=medium exclude=3DES
```


----------

