To use outbound opportunistic encryption in PowerMTA, simply add the following to your configuration file:
With this, PowerMTA will check to see if the remote mail server supports encryption. If it does, an attempt will be made to create an encrypted channel over which to send mail. If the encryption fails, or if no encryption is offered, then the mail is sent using no encryption.
To verify if the mail was sent over an encrypted channel, it is necessary to add additional fields to the CSV accounting file. This can be done with the following configuration:
If encryption is used, the above configuration will record the protocol and cipher used to deliver the message over an encrypted channel.