On Tue, Dec 17, 2024 at 08:43:48AM +0100, Ansgar Wiechers via Postfix-users wrote:

> On 2024-12-17 Tobi via Postfix-users wrote:
> > I'm looking for a way to achieve the following: if postfix smtp client
> > cannot establish a TLS connection to MX host then we want to change
> > nexthop **and** add a suffix to the subject. The goal is to route back
> > the mail to the handing-over server (a system under our control) with
> > a special tag in subject which then triggers a content encryption. And
> > after that it hands over the encrypted message to the very same system
> > (the one that returned before) but then - as the message now is
> > encrypted - the system should not care about the TLS connection to the
> > MX anymore and deliver it even if plain.
>
> Why not encrypt the message right away and save yourself the hassle, if
> you already have that option? Transport encryption beyond the next hop
> is outside your control anyway.

Usability is then significantly degraded. This is achievable by:

- Configuring the normal smtp transport to *require* TLS.
- Configuring failure of TLS to always be a soft failure
  (see smtp_delivery_status_filter).
- Configuring a fallback relay that forwards to a second Postfix instance.

-- 
    Viktor.
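
The three steps in the reply above, as a configuration sketch for the first Postfix instance. This is an added example, not configuration posted in the thread: the table path and the fallback address `[127.0.0.1]:10025` are assumptions, and the two patterns mirror the TLS examples in the `smtp_delivery_status_filter` documentation with the direction reversed (5 to 4). It also assumes the second instance offers STARTTLS on that port, since this transport requires TLS for every connection it makes.

```cfg
# ---- /etc/postfix/main.cf (first instance, delivers to remote MX hosts) ----

# Step 1: the normal smtp transport requires TLS; no plaintext delivery.
smtp_tls_security_level = encrypt

# Step 2: rewrite the delivery status of TLS failures so they are always
# soft (4.x.x) and never bounce. The table path is an assumption.
smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter

# Step 3: deliveries that fail with a non-permanent error are handed to the
# fallback relay, here a second Postfix instance (address is an assumption).
smtp_fallback_relay = [127.0.0.1]:10025

# ---- /etc/postfix/smtp_dsn_filter (pcre table) ----
# The filter input is the enhanced status code followed by the status text.
# A remote server that answers STARTTLS with a 5xx reply would otherwise
# produce a hard failure; turn the leading 5 into a 4.
/^5(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/
    4$1
/^5(\.\d+\.\d+ TLS is required, but was not offered by host .+)/
    4$1
```

Running `postmap -q` with a constructed status line against `pcre:/etc/postfix/smtp_dsn_filter` shows the rewritten status before the filter is put into service.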