One of our customers has made a policy decision that all email incoming and outgoing needs to be over a TLS encrypted channel. So they expect to send to us over TLS and expect us to send to them over TLS.

Can anyone tell me exactly what I will need to configure to allow this.

Our setup -
MX records point to external ISP mail relay/spam filters
ISP delivers mail to our mail server.

Outgoing mail goes directly from our mail server

They wish the configuration to require TLS - not to fall back to plain text if TLS cannot be established.

I have seen wiki articles Postfix PCI Compliance in ZCS - Zimbra :: Wiki and Outgoing SMTP Authentication - Zimbra :: Wiki but I'm still confused

Thanks in advance