On Thu, Jan 16, 2025 at 08:33:39AM -0500, Wietse Venema via Postfix-users wrote:
> > dane-only to postfix in that case. Now it seems that postfix only tries
> > the first MX, sees that there is no TLSA and defers the message.
That's unexpected, because "deferring" a message is what happens only
when Postfix has exhausted the list of available MX hosts to try.
> > Should postfix in such cases not try the next MX as well? Is that the
> > intended behaviour? I somehow would have expected that postfix handles
> > this like a temp failure of a MX and therefore try the next one.
>
> That would be unexpected. I'm implementing support for REQUIRETLS
> (RFC 8689) and that code is supposed to try multiple MXes before it
> gives up.
>
> Have you perhaps configured smtp_mx_session_limit=1 ?
>
> postconf smtp_mx_session_limit
> postconf -P '*/*/smtp_mx_session_limit'
>
> (same question for smtp_mx_address_limit=1).
Subject to the configued limits as noted by Wietse. Nothing in the DANE
policy code affects (or should affect) the MX retry logic. So I
likewise suspect overly tight limits.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
