Some of our user will use mail providers that force tls encryption. Mails from those providers are bounced with the message
TLS is required, but was not offered by host
As discussed at Straightforward direct-delivery incoming mail it should be possible without bigger problems.
I don’t want to work on it myself but can offer a hundred bucks or something if it’s working and going for public use.