Example: e-mail sent to secure.example.com should only use an encrypted connection. E-mail received from hosts within the laptop.example.com domain should only be accepted if they have been authenticated. The host which receives e-mail for darth@endmail.org must present a cert that uses the CN smtp.endmail.org.
TLS_Srv:secure.example.com ENCR:112
TLS_Clt:laptop.example.com PERM+VERIFY:112
TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org
https://www.sendmail.org/~ca/email/doc8.12/cf/m4/starttls.html
Use TLS_Rcpt access table entries. to specify per recipient's domain requirements.
TLS_Rcpt:fooexample.com ENCR:112
Given that the other company's FQDN is domain, your entries can be:
TLS_Srv:domain ENCR:128 TLS_Clt:domain ENCR:128 TLS_Rcpt:domain ENCR:128 The 'Srv' entry will cause TLS to be utilized for connections to systems in domain. The 'Clt' entry will require TLS be utilized for connections from systems in domain. And the 'Rcpt' entry will require TLS be utilized for connections to any system if the recipient's RHS is in domain.https://groups.google.com/g/comp.mail.sendmail/c/jB6u-OIdCJg
確認
$ telnet mail.example.com 25 Trying xxx.xxx.xxx.xxx... Connected to mail.example.com. Escape character is '^]'. 220 mail.example.com ESMTP Sendmail ... HELO mail.example.net 250 mail.example.net Hello mail.example.com [xxx.xxx.xxx.xxx], pleased to meet you MAIL FROM: email@example.net 454 4.7.0 encryption too weak 0 less than 112
参考
telnetでメール送信