I am trying to work out the correct incantation in order to specify for a given outgoing domain that:-
* TLS is mandatory, the message is not sent unencrypted; and * if DANE is present AND if it fails to match, the message is not sent The way to do this seems to be with "smtp_tls_policy_maps". The question is whether to select "encrypt" or "dane". The problem (if I am reading it correctly!) is that "dane" falls back only to "may" if there are no TLSA records. Any advice would be most welcome... With many thanks. Best wishes, Matthew