On Thu, Mar 31, 2016 at 10:21:00PM +0200, A. Schulze wrote:

> As mentioned we see numerous domains with the same broken MX.
> I have to list them one by one in the transport table
> or did I forget a cool configuration to catch any destination domain with
> this specific MX?

There is no such cool configuration.

If you have Postfix 3.0.4 or 3.1.0, and you're willing to "downgrade" TLS to suppress forward-secrecy when ECDHE is not available for all mail that fails first delivery, you could configure a second Postfix instance as an "smtp_fallback_relay", and disable kDHE/kEDH only in the fallback relay instance.

This is a bit tricky to set up, and only works with 3.0.4 and later. (Supposed to work with 3.0.0, but there's a bug fixed in 3.0.4 that makes it avoid transport throttling).

--
Viktor.
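
A sketch of the two-instance layout described in the reply above, added here as an illustration and not part of the original message. The instance directory `/etc/postfix-fallback` and the loopback port `10025` are assumptions; `smtp_fallback_relay` and `smtp_tls_exclude_ciphers` are standard Postfix parameters.

```conf
# ---------------------------------------------------------------
# Primary instance: /etc/postfix/main.cf
# ---------------------------------------------------------------
# Normal outbound TLS settings stay untouched here, so first
# delivery attempts still negotiate DHE/ECDHE where the peer can.
# Mail that fails first delivery is handed to the second instance.
# (loopback address and port are assumptions for this example)
smtp_fallback_relay = [127.0.0.1]:10025

# ---------------------------------------------------------------
# Fallback instance: /etc/postfix-fallback/main.cf
# (assumed path; a second instance also needs its own
#  queue_directory and data_directory, e.g. as created by postmulti)
# ---------------------------------------------------------------
# Listen on loopback only and relay only for the primary instance.
inet_interfaces = 127.0.0.1
mynetworks = 127.0.0.0/8

# The fallback instance must not hand mail on to itself.
smtp_fallback_relay =

# Exclude finite-field DHE key exchange for outbound SMTP in this
# instance only. kDHE and kEDH are OpenSSL names for the same key
# exchange; use the one your OpenSSL build accepts. When the peer
# has no ECDHE either, the session is negotiated without forward
# secrecy, which is the trade-off the reply describes.
smtp_tls_exclude_ciphers = kEDH

# ---------------------------------------------------------------
# Fallback instance: /etc/postfix-fallback/master.cf
# ---------------------------------------------------------------
# Replace the default "smtp inet ..." listener with one bound to
# the port the primary instance relays to (port is an assumption):
127.0.0.1:10025 inet n - n - - smtpd
```

Checking the fallback instance's log for the negotiated cipher on deliveries to the affected MX confirms that only retried mail takes the weaker path.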