I wanted to send a mail to a domain yesterday that was using dead MX records, and the one MX that was alive was presenting an untrusted certificate (my server uses verify by default). I added a transport map (or “route” as mailcow-dockerized calls it) that points to the alive MX, plus TLS policies for the domain and the MX that ask for “may”, but when flushing the queue I still got “untrusted certificate”. I temporarily changed my default to “may” and the mail was delivered.
Are TLS policies applied at all after setting a domain specific transport? I cannot rule out that the problem is mailcow specific of course. Thanks, Joachim
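For reference, the shape of a Postfix transport entry next to a matching TLS policy entry, written as an added example (not configuration from the original post or from mailcow); the domain and MX names are placeholders, and it relies on the documented Postfix behaviour that `smtp_tls_policy_maps` is looked up by the verbatim next-hop destination (brackets and `:port` included) when a transport entry supplies one, rather than by the recipient domain:

```text
# main.cf: keep the strict default and relax only one destination
smtp_tls_security_level = verify
smtp_tls_policy_maps    = hash:/etc/postfix/tls_policy
transport_maps          = hash:/etc/postfix/transport

# /etc/postfix/transport  (placeholder names)
# Route the domain directly to its one reachable MX.
example.org             smtp:[mx2.example.org]

# /etc/postfix/tls_policy
# The key must be the next-hop exactly as written after "smtp:" in the
# transport entry, brackets (and :port, if any) included. A key of
# "example.org" alone would not match this delivery.
[mx2.example.org]       may

# Rebuild both lookup tables after editing, then re-flush the queue:
#   postmap /etc/postfix/transport /etc/postfix/tls_policy
#   postfix flush
```

Checking which key Postfix actually used for a given delivery is easiest from the `smtp` log lines, which name the next-hop as `[mx2.example.org]` when the transport entry is in effect.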