On Fri, Jul 07, 2017 at 03:04:11PM -0700, li...@lazygranch.com wrote:
> Would there be some way to redirect unencrypted email to some other server.
> Gmail for instance. I would then force encryption on my personal server.
SMTP does not have "redirects". SMTP security policy is up to the client:
http://www.postfix.org/TLS_README.html#client_tls_limits
Just enable STARTTLS on the server, and let the clients do the rest.
There's little to be gained on enforcing TLS on inbound SMTP servers
(``MX hosts''). By all means enforce TLS for submission, and enable
opportunistic TLS or opportunistic DANE TLS on your outbound SMTP
transport.
Rumour has it that the US army is finally aiming to deploy STARTTLS
circa July 2018:
https://motherboard.vice.com/en_us/article/bjxjxv/the-pentagon-says-it-will-start-encrypting-soldiers-emails-next-year
The fraction of mail using TLS reported by Gmail has grown considerably
over the last few years, and is now hovering around 90% by volume.
Of course much of their traffic is to other large consumer email
providers that also support STARTTLS, and not to mailing lists or
other "niche" destinations that might not bother.
https://www.google.com/transparencyreport/saferemail/
--
Viktor.
