On Wed, Sep 14, 2016 at 01:11:53PM +0100, Dominic Raferd wrote:

> I am using Postfix 3.1.0 and following instructions at
> http://www.postfix.org/TLS_README.html#client_smtps to set up for sending
> some (recipient dependent) emails via smtps (whereas others go over TLS to
> a different relay server).

Otherwise also called "TLS wrapper mode" in which a TLS handshake
takes place immediately after the TCP 3-way handshake, and the SMTP
session runs inside TLS.  Note that:

    smtp_tls_wrappermode = yes

is a global setting for the transport, that is, it depends only on
the transport used, not the nexthop domain.

> So when it fails, Postfix falls back using the hosts
> specified in main.cf's smtp_fallback_relay (*not* relayhost, which is used
> for emails that don't have a match in the transport list).

It does not matter whether "smtp_fallback_relay" is in main.cf or
in master.cf specified per transport.  Either way, the fallback
delivery always uses the same transport agent used for the primary
nexthop.  Which means that smtp_fallback_relay will use smtps, when
the primary nexthop uses smtps.  This does not depend on the nexthop
destination's port number.

What you're looking for is a new feature, in which wrapper mode is
enabled conditionally, only when the port is 465, and not when it
is some other port.  That code has not been written.

It is hard to imagine why an MSA on port 465 would implement quotas.
Generally, port 465 MSAs just do outbound submission, and not inbound
mailbox delivery.  Is there some provider that's mixing up these
services?  Is this configuration self-inflicted?

If the primary MSA provider also supports STARTTLS on port 587, use
that instead, and don't enable TLS wrapper mode.

-- 
	Viktor.
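
The per-transport behaviour described in this reply, as an added configuration sketch that is not part of the original message: variant A keeps wrapper mode on a dedicated transport but clears the inherited fallback relay for it, and variant B is the STARTTLS-on-587 setup the reply recommends. The transport names, `rcpt-domain.example`, `msa.example` and `fallback.example` are placeholders, and the file paths assume a default Postfix layout.

```conf
# /etc/postfix/main.cf (excerpt)
transport_maps = hash:/etc/postfix/transport
# Inherited by every smtp(8) transport unless overridden in master.cf.
smtp_fallback_relay = [fallback.example]:587

# /etc/postfix/master.cf
# service        type  private unpriv chroot wakeup maxproc command
#
# Variant A: TLS wrapper mode (SMTPS, port 465).
# Wrapper mode applies to every connection this transport makes,
# including one to smtp_fallback_relay, whatever the port. Clearing
# the fallback here means a failed delivery is deferred and retried
# rather than attempted in wrapper mode against a STARTTLS relay.
relay-smtps      unix  -       -      n      -      -       smtp
    -o smtp_tls_security_level=encrypt
    -o smtp_tls_wrappermode=yes
    -o smtp_fallback_relay=

# Variant B: STARTTLS on the submission port (587).
# Wrapper mode stays off, so the primary nexthop and the fallback
# relay from main.cf are both reached with STARTTLS, and "encrypt"
# still refuses to send in the clear.
relay-submission unix  -       -      n      -      -       smtp
    -o smtp_tls_security_level=encrypt

# /etc/postfix/transport (use one of the two lines per domain)
# Variant A:
rcpt-domain.example    relay-smtps:[msa.example]:465
# Variant B:
#rcpt-domain.example   relay-submission:[msa.example]:587
```

After editing, rebuild the map with `postmap /etc/postfix/transport` and run `postfix reload`.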