On Tue, Nov 11, 2014 at 12:50:42PM -0500, Wietse Venema wrote:
> > Is it possible avoid that if my Postfix send an email to an External
> > Domain which is required to be encrypt in TLS, the email is kept in deferred
> > queue?
> > We would like in that case reject that because we think that it?s a
> > permanent error for us and we would like advise the sender as soon as
> > possible of the error.
>
> http://www.postfix.org/postconf.5.html#smtp_delivery_status_filter
Yes, this "works", but it is very much not recommended. When
receiving systems botch their certificate chains (expired, incomplete
chain, ...) and mail is delayed, they should generally be motivated
to fix the problem quickly.
Instead I would just enable delay warnings for (after ~2 hours).
That should give the sender a reasonably timely indication of a
problem, without abandoning attempts to deliver the mail if the
problem is fixed promptly.
--
Viktor.
