Which settings would I need to change to force both my users connecting to Zimbra as their SMTP AND Zimbra connecting to my outgoing gateway to use TLS for their SMTP transaction? I need to still allow incoming mail without encryption.

To be clear I want to force the user to use TLS when sending mail. I have set the web mode to https only and I need to make sure that their desktop client HAS to use TLS and SMTP Authentication in order to get mail out.

I also need to force Zimbra to use TLS when sending outbound mail to my edge MTA. This gateway has been set as my Web mail MTA Hostname and my Relay MTA for external delivery via the GUI.