Viktor Dukhovni:
> On Tue, Nov 11, 2014 at 12:50:42PM -0500, Wietse Venema wrote:
>
> > > Is it possible avoid that if my Postfix send an email to an External
> > > Domain which is required to be encrypt in TLS, the email is kept in
> > > deferred
> > > queue?
> > > We would like in that case reject that because we think that it's a
> > > permanent error for us and we would like advise the sender as soon as
> > > possible of the error.
> >
> > http://www.postfix.org/postconf.5.html#smtp_delivery_status_filter
>
> Yes, this "works", but it is very much not recommended.  When
> receiving systems botch their certificate chains (expired, incomplete
> chain, ...) and mail is delayed, they should generally be motivated
> to fix the problem quickly.

I agree that screwing up with certificates is easy enough, but this
is a case where the MX server does not announce STARTTLS support.

	Wietse

> Instead I would just enable delay warnings for (after ~2 hours).
> That should give the sender a reasonably timely indication of a
> problem, without abandoning attempts to deliver the mail if the
> problem is fixed promptly.
>
> --
> 	Viktor.
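
The distinction drawn in this message, as an added example that is not part of the original thread or of Postfix itself: a small Python model of a `smtp_delivery_status_filter` rewrite rule that turns only the "STARTTLS not offered" deferral into a permanent failure and leaves certificate problems deferred. The status strings are constructed samples modeled on Postfix wording, and `filter_status` and `disposition` are hypothetical helper names.

```python
import re

# Each rule models one pcre: table entry. The filter input is the enhanced
# status code followed by the text; the rule swaps the leading 4 for a 5.
# Assumption: the status text matches the wording used in the samples below.
RULES = [
    (re.compile(r"^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)"),
     r"5\1"),
]

def filter_status(status: str) -> str:
    """Return the rewritten status, or the input unchanged if no rule matches."""
    for pattern, replacement in RULES:
        if pattern.match(status):
            return pattern.sub(replacement, status, count=1)
    return status

def disposition(status: str) -> str:
    """Map the status class digit to what happens to the message."""
    return {"2": "delivered", "4": "defer", "5": "bounce"}.get(status[:1], "unknown")

# Constructed sample delivery statuses (hosts and addresses are placeholders).
SAMPLES = [
    "4.7.4 TLS is required, but was not offered by host mx.example.net[192.0.2.25]",
    "4.7.5 Server certificate not verified",
    "4.4.1 connect to mx.example.net[192.0.2.25]:25: Connection timed out",
    "2.0.0 250 2.0.0 Ok: queued as 0123456789",
]

def run_samples():
    """Return (original, filtered, disposition) for every sample."""
    return [(s, filter_status(s), disposition(filter_status(s))) for s in SAMPLES]

if __name__ == "__main__":
    for original, filtered, result in run_samples():
        print(f"{result:9} {filtered}")
```

Only the first sample becomes a bounce; the certificate failure and the connection timeout stay in the deferred queue, where a delay warning after about 2 hours still informs the sender.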