A) qmail-remote

 By default Qmail Toaster (QT) will encrypt opportunistically.
 If encryption is offered by the remote host QT will encrypt
 messages. If encryption is not offered by the remote host
 the message(s) will remain un-encrypted. Most SMTP servers
 offer encryption, it is rare that one will not.

 Stop TLS encryption for a particular domain:
   1) # nslookup -type=mx 'domain.tld'
        domain.tld     mail exchanger = 0 mx.domain.tld.
   2) # mkdir /var/qmail/control/notlshosts/
   3) # touch /var/qmail/control/notlshosts/mx.domain.tld

 Stop TLS encrypiion for all domains:
   1) # mkdir /var/qmail/control/tlshosts
   2) # touch tlshosts/exhaustivelist

 Force TLS encryption for a particular domain or 
 Exceptions to 'control/tlshosts/exhaustivelist':
   1) # nslookup -type=mx 'domain.tld'
        domain.tld     mail exchanger = 0 mx.domain.tld.
   2) # mkdir /var/qmail/control/tlshosts
   For <=qmail-1.03-3.3.7
   3) # cp /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /var/qmail/control/tlshosts/mx.domain.tld.pem
        or
      # ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /var/qmail/control/tlshosts/mx.domain.tls.pem 
   For >qmail-1.03-3.3.7 (to come)
   3) # touch /var/qmail/control/tlshosts/mx.domain.tld.pem

B) qmail-smtpd

 To come...