Hi list we have an issue with mail delivery. We use tlspol to tell postfix if mta-sts or DANE should be used for a recipient domain. Now we have the case that a rcpt domain has 3 MX records. The first one with prio 0 has **no** TLSA records but the other two (prio 10 and 20) have proper TLSA records. The zone itself is properly DNSSec signed. tlspol returns dane-only to postfix in that case. Now it seems that postfix only tries the first MX, sees that there is no TLSA and defers the message. Should postfix in such cases not try the next MX as well? Is that the intended behaviour? I somehow would have expected that postfix handles this like a temp failure of a MX and therefore try the next one.
Kind regards tobi _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
