On 12/20/2018 11:42 AM, Stefan Bauer wrote: > Hi, > > i use smtp_tls_security_level = encrypt - if remote site have mx like > > mx 10 mail1 without tls > mx 100 mail2 fake-mx with no open port > > postfix detects lack of tls on mx10goes to mx100 and waits > maximal_queue_lifetime. > > i don't like fake mx as they create a long delay. > > i could reduce queue lifetime but in general thats bad for real > systems with temp issues. > > how do you handle this? > > Stefan
Most people handle this by not using "encrypt" on a public server. Postfix can't tell why the MX is dead, so the behavior is correct. If you want to handle it differently, you'll need to add rules for each site, such as a transport map entry that points only to the main MX, or an error: transport entry. -- Noel Jones
