I would like users to be forced into using TLS for everything. Is there a "zimbra" way to force users to use TLS?

I know how to do this manually for postfix, but I don't even know what zimbra is using for imap and pop. Also I am assuming that I should not directly modify the underlying config files. I wouldn't want my settings to get lost during an upgrade.