Viktor Dukhovni:
>
>
> > On Sep 10, 2018, at 12:06 PM, Wietse Venema <wie...@porcupine.org> wrote:
> >
> > What about this?
> >
> > Example 1: convert specific soft TLS errors into hard errors, by over-
> > riding the first number in the enhanced status code.
> >
> > /etc/postfix/main.cf:
> > smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter
> >
> > /etc/postfix/smtp_dsn_filter:
> > /^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS:
> > .+)/
> > 5$1
> > /^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/
> > 5$1
> > # Do not change the following into hard bounces. They may
> > # result from a local configuration problem.
> > # 4.\d+.\d+ TLS is required, but our TLS engine is unavailable
> > # 4.\d+.\d+ TLS is required, but unavailable
> > # 4.\d+.\d+ Cannot start TLS: handshake failure
>
> A bit tricky to match exactly the right conditions, but plausible.
> I did not remember whether one could override tempfails to hardfails,
> so I did not suggest this approach...
This can change soft<->hard failures, but it can't change
success<->failure.
This should be sufficient to handle the case that the server does
not announce TLS. It does no cover features that do not yet exist.
Wietse
