Over in Installation (Server-to-server TLS howto?) I asked this and got no responses. I figured I'd try here:

I have a working server that accepts TLS connections from clients and incoming mail, no problem.

What I want is to define certain domains, such that when my mail server is delivering mail to those domains, it must ALWAYS use TLS, and if it fails to make a TLS connection, it must fail and either queue the mail for a later TLS delivery, or bounce it to the sender.

Anyone got a place for me to start on this?