A) qmail-remote By default Qmail Toaster (QT) will encrypt opportunistically. If encryption is offered by the remote host QT will encrypt messages. If encryption is not offered by the remote host the message(s) will remain un-encrypted. Most SMTP servers offer encryption, it is rare that one will not. Stop TLS encryption for a particular domain: 1) # nslookup -type=mx 'domain.tld' domain.tld mail exchanger = 0 mx.domain.tld. 2) # mkdir /var/qmail/control/notlshosts/ 3) # touch /var/qmail/control/notlshosts/mx.domain.tld Stop TLS encrypiion for all domains: 1) # mkdir /var/qmail/control/tlshosts 2) # touch tlshosts/exhaustivelist Force TLS encryption for a particular domain or Exceptions to 'control/tlshosts/exhaustivelist': 1) # nslookup -type=mx 'domain.tld' domain.tld mail exchanger = 0 mx.domain.tld. 2) # mkdir /var/qmail/control/tlshosts For <=qmail-1.03-3.3.7 3) # cp /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /var/qmail/control/tlshosts/mx.domain.tld.pem or # ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /var/qmail/control/tlshosts/mx.domain.tls.pem For >qmail-1.03-3.3.7 (to come) 3) # touch /var/qmail/control/tlshosts/mx.domain.tld.pem B) qmail-smtpd To come...