On 18.09.18 14:43, Stefan Bauer wrote:
> I was expecting that the mail would bounce as the first MX refuses to talk
> TLS and I mapped that to a perm error. But Postfix skips the one with
> temporary/temp error and delivered to the second that offered TLS.

I think your logic is flawed. The SSL handshake can fail because of many
(temporary) reasons. If you just want to generate problems, you can try to
make that error permanent.

But the fact that the secondary MX does allow TLS should mean that you were able
to pass the message to recipient server via TLS, so what's the point of
generating permanent error in this case? This is exactly what backup MX
servers are for...

On Tue, 18 Sep 2018 at 14:36, Wietse Venema <
wie...@porcupine.org> wrote:

Stefan Bauer:
> Hi,
>
> I noticed the following today. Is this part of the standard?

There is no standard that requires TLS for MTA-to-MTA deliveries.

> For recipient domain:
>
> MX 5 mx1.recipient.com - does not support TLS and refused delivery with
> temp error
> MX 10 mx2.recipient.com - does support TLS and took the mail
>
> Sep 18 10:36:29 B245080E75: TLS is required, but was not offered by host
> mx1.recipient.com[1.2.3.4]
> Sep 18 10:36:29 Untrusted TLS connection established to
> mx2.recipient.com[5.4.3.2]:25:
> TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>
> smtp_delivery_status_filter was in place for above temp error, but it was
> not mapped to permanent error (which makes sense to me).

What is the problem?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
