my point is that i already map this error to a perm one but in this case a backup mx was avail that was tls aware and was used in a second attempt. i like the noticed behavior but asked, why it is like that. expected perm error and bounce like when no backup mx avail.
Am Dienstag, 18. September 2018 schrieb Matus UHLAR - fantomas : > On 18.09.18 14:43, Stefan Bauer wrote: >> >> I was expecting that the mail would bounce as the first MX refuses to talk >> TLS and i mapped that to a perm error. But postfix skips the one with >> temporary/temp error and delivered to the second that offered TLS. > > I think your logic is flawed. the SSL handshake can fail because of many > (temporary) reasons. If you just want to generate problems, you can try to > make that error permanent. > > But the fact that secondary MX does allow TLS should mean that you were able > to pass the message to recipient server via TLS, so what's the point of > generating permanent error in this case? This is exactly what backup MX > servers are for... > >> Am Di., 18. Sep. 2018 um 14:36 Uhr schrieb Wietse Venema < >> wie...@porcupine.org>: >> >>> Stefan Bauer: >>> > Hi, >>> > >>> > i noticed the following today. Is this part of the standard? >>> >>> There is no standard that requires TLS for MTA-to-MTA deliveries. >>> >>> > For recipient domain: >>> > >>> > MX 5 mx1.recipient.com - does not support TLS and refused delivery with >>> > temp error >>> > MX 10 mx2.recipient.com - does support TLS and took the mail >>> > >>> > Sep 18 10:36:29 B245080E75: TLS is required, but was not offered by host >>> > mx1.recipient.com[1.2.3.4] >>> > Sep 18 10:36:29 Untrusted TLS connection established to >>> > mx2.recipient.com[5.4.3.2]:25: >>> > TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) >>> > >>> > smtp_delivery_status_filter was in place for above temp error, but it was >>> > not mapped to permanent error (which makes sense to me. >>> >>> What is the problem? > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease >
