How to enforce TLS inbound from and outbound to a specific external domain
You need to enforce TLS connections inbound from and outbound to a specific external domain
Add the external domain to Messaging Gateway.
In the control center, go to (Protocols -> Domains).
Click Add Type the domain name (everything after the @ sign) in "Domain or email address"
Local domain (Accept inbound mail addressed to this domain)"
Enable enforcing TLS incoming from this domain.
Check "Reject mail from this domain if not sent using TLS"
Enable enforcing TLS outgoing to this domain.
Click the Delivery tab.
Optional delivery encryption
Select one of the options below:
"Attempt TLS encryption" (Optional TLS)
"Require TLS encryption and don't verify certificate" (TLS required, but the certificate won't be verified)
"Require TLS encryption and verify certificate" (TLS required and the certificate must be verified)
Scroll to the bottom of the page and click "Save"