Hi, Le 22/02/2020 à 19:55, Søren Aurehøj a écrit : > Hi Misc > > I am using OpenSMTPD 6.6.0 on OpenBSD 6.6 stable > > Currently I’m using the tls-require option in order to get mandatory > TLS on outgoing mail, but with that follows the normal time-out values > regarding bounce intervals. > Because of greylisting, I’m not sure that adjusting these time-out > values is the best way around this problem.
I’m not sure how greylisting is involved here. Can you elaborate? > I have tested the scenario with a mailserver which is unable to use > TLS, by sending mail to mailnesia.com <http://mailnesia.com>. > This gives the expected result - "mta event=error reason=TLS required > but not supported by remote host” in the maillog. > > My mailserver recognizes when it is unable to continue the > delivery due to a configuration setting on my mailserver. > But instead of bouncing the mail immediately, it is queued anyway for > later delivery. > > Is it possible to enforce outgoing mail to always use TLS - and bounce > more or less immediately, > if the sending mailserver registers that the receiving mailserver is > unable to meet our requirements regarding TLS? I don’t know, but it seems a bad idea: what about a transient failure? The mail systems expect you to keep retrying to deliver for some time. They are several reasons that could lead to your email being temporarily rejected because your MTA was unable to establish a correct TLS session, but still succeed some time after that. Regards, Archange
