EDIT: Ok, so good news, I figured out my own problem. Turns out, while I didn't create an MX record in Cloudflare for my LQ subdomain, M365 had somehow added the subdomain as an Accepted Domain in our tenant, so it wasn't relaying email to the LF server. I do have a question about the EmailDrop feature. Does LF use TLS when receiving the email or does that entirely depend on the sending email server? Is there a way to enforce TLS for EmailDrops?
LF appliance supports TLSv1.2 or plain text for sending and receiving emails. The TLS has the priority. This email configuration is pre-configured in postfix and is Not changeable from admin interface. Yes, when a remote mail servers supports TLSv1.2 then the encrypted connection will be negotiated. In case any compatible TLSv1.2 cipher suite can't be negotiated then the emails are sent in plain text.
