On Mon, Mar 03, 2014 at 11:34:20AM -0500, Wietse Venema wrote:
> Ralf Hildebrandt:
> > * Wietse Venema <wie...@porcupine.org>:
> >
> > > > Yes, but the delay notice is (probably!) too cryptic for the end-user.
> > >
> > > Nonsense. It is the exact same error message that you want Postfix
> > > to send in a bounce email.
> >
> > None of the users actually read this :(
If neither are read, there is no advantage in sending a bounce,
rather than a delay notice. Sending a bounce would just speed up
the repeated re-transmission loop.
The sender knows the address is valid, and yet mysteriously the
email is not delivered. So they try again:
https://secure.flickr.com/photos/sluggerotoole/153603564/?rb=1
> No surprise :-) After pondering this over, I have come to the
> conclusion that this man-made problem has no "right" solution.
>
> I'll look into the kludge that transforms all Postfix's mail delivery
> error messages, instead of messing up Postfix by introducing special
> cases for arbitrary error conditions.
The problem is indeed man-made. DO NOT unilaterally configure
mandatory TLS. To use TLS, the other side has to signal support
for TLS (be it a bilateral agreement to use mandatory TLS,
opportunistic DANE TLS, or just STARTTLS in the EHLO response).
--
Viktor.
