Hi again,

> > they are not enforcing tls, since mx.suckless.org supported tls before,
> > according to their log, last time mx.suckless.org has tls on
> > 2023-02-06, so they use the cache for the following email delivery, but
> > out of a sudden, mx.suckless.org downgrade to non tls, so email failed to
> > deliver.
> >
> > so my question is downgrade from tls to non-tls on mx.suckless.org is a
> > deliberated step?
>
> No, suckless.org MX configuration hasn't changed since last April (2022).
>
> Also, you can test yourself to see that smtps and starttls are supported.
> (https://www.checktls.com/TestReceiver can help for example,
> if you don't trust your own setup)
>
> I suspect the problem is different, maybe rather a configuration change
> on your mail provider in february?
>
> In any case, that's not a refusal for help, don't hesitate to pass
> further information on if you find something new on either side!

I think I found the issue! We're using spamd, which proxies incoming traffic from unknown senders, until their smtp has retried sending a couple times, then they're connected directly until an amount of inactivity time. That initial connection doesn't advertise tls, so I guess that's why that email provider thinks there has been a change. Maybe ask them to not enforce tls on email traffic for you? That sounds a bit restrictive. I'm not sure we'll get rid of spamd soon, it's a simple and nice tool, although it has a few shortcomings.
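
The mismatch described in this message, as an added example that is not part of the original email and not code from suckless.org or the mail provider: it parses two EHLO replies and applies a sender policy that refuses to downgrade a host it has previously seen offer TLS. Both replies are constructed samples, and `ehlo_extensions`, `delivery_decision` and the policy itself are hypothetical names and assumptions used only for illustration.

```python
import re

# Constructed EHLO replies (not captured from any real server).
# PROXY_REPLY stands in for a greylisting front end that lists no extensions.
PROXY_REPLY = "250 mx.example.org Hello\r\n"
# MTA_REPLY stands in for the real mail server reached after greylisting.
MTA_REPLY = (
    "250-mx.example.org Hello\r\n"
    "250-SIZE 36700160\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def ehlo_extensions(reply: str) -> set[str]:
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    lines = [line for line in reply.split("\r\n") if line]
    if not lines:
        raise ValueError("empty reply")
    keywords = set()
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"unexpected reply line: {line!r}")
        is_last = i == len(lines) - 1
        # "250-" marks a continuation line, "250 " the final line.
        if (m.group(2) == " ") != is_last:
            raise ValueError("bad continuation marker")
        # The first line is the greeting; the rest are extension keywords.
        if i > 0 and m.group(3).strip():
            keywords.add(m.group(3).split()[0].upper())
    return keywords


def delivery_decision(reply: str, tls_seen_before: bool) -> str:
    """Assumed sender policy: never downgrade a host that once offered TLS."""
    if "STARTTLS" in ehlo_extensions(reply):
        return "deliver-tls"
    return "refuse-downgrade" if tls_seen_before else "deliver-plaintext"
```
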