Mandatory TLS Between Mail Servers

[tokyobrit]

We are looking to migrate our existing Exchange mail system to a better one, but for many we've looked at we've hit a stumbling block.

Some of our customers require mandatory TLS when sending/receiving emails between our domains, but the only mention of TLS I've seen on the forums and in the technical guides for Zimbra is TLS between a client and the server, not between a server and a server.

Is it possible to implement mandatory TLS between mail servers using Zimbra?

[Krishopper]

There isn't any way built into Zimbra to support that, and there probably never will be.

You could check on the Postfix mailing list or documentation (see Postfix TLS Support) to see if there's any way to tweak the postfix configs to force that, and then backport that into the Zimbra postfix configs.

EMail was never designed to be secure. And even now, the only way to force security is within the mail server itself, and the connection between the client and the mail server.

Another option would be to set up a simple IPSEC/PPTP VPN link between the two servers and ensure that any packets going between them are fully encrypted. Personally, I think that would be a whole lot easier than trying to hack the SMTP server to tell it that TLS is required.