I'm wondering how others handle this. We offer TLS for all inbound traffic, which works fine 99% of the time. Every other day, though, I notice one or two mail servers that simply cannot cope with it. They try, but they keep getting a timeout. Something is clearly not working on their side, and the email will eventually not get delivered. (I'm pretty certain they're all MSEX, but that's just a hunch.)
To prevent this I check our logs regularly and use smtpd_discard_ehlo_keyword_address_maps to disable STARTTLS for those servers that have a problem. It's a bit of a hassle, so I was wondering how others handle it?

Thanks,
Per

--
Per Jessen, Zürich (7.9°C)
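For readers unfamiliar with the workaround Per describes, here is a constructed Postfix configuration showing the shape of it (an added example, not from the original post or the Postfix documentation; the file path and client networks are placeholders). The CIDR table keeps the exception scoped to the exact peers that time out, since anything listed there will deliver to you in cleartext.

```conf
# main.cf (constructed example): consult a CIDR table before sending the
# EHLO response, so the listed peers never see STARTTLS offered
smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_discard.cidr

# /etc/postfix/esmtp_discard.cidr (constructed example)
# <client network>     <comma-separated EHLO keywords to hide>
# keep each entry as narrow as possible: mail from these peers arrives
# unencrypted, so a /32 for one broken peer beats a whole /24
192.0.2.10/32          starttls
198.51.100.0/28        starttls
# add "silent-discard" to an entry only if you want Postfix to stop logging
# the suppressed keywords; leaving it off keeps an audit trail for later review
```

Review the table periodically and drop entries once the remote side is fixed, otherwise the cleartext exception outlives the problem it was meant to work around.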