On Thu, Mar 19, 2009 at 01:37:31PM -0400, Cory Coager wrote:
> If I'm reading the documentation correctly, when using smtp_tls_policy_maps
> for specific domains, if no servers are available
That is no servers offer TLS, or do offer TLS, but with unsatisfactory
certificates.
> the email will be deferred?
Yes.
> Is there a way to change this to a permanent failure?
No, doing this would be a design error.
- When an attackers temporarily disable TLS between you and a remote
domain, they should not be able to cause messages to bounce.
- When attackers provide false DNS responses for the MX hosts of the
target domain, they should not be able to cause messages to bounce.
- When an administrator of the remote server screws up disables TLS,
messages should not bounce.
A secure channel must temp-fail when security cannot be established,
otherwise the channel is subject to tampering by untrusted parties.
Negative responses must be secured just like positive ones.
For example, both DNSCurve and DNSSEC provide cryptographic protection
for NXDOMAIN responses. No DNSCurve or DNSSEC client will turn failure
to authenticate a response into NXDOMAIN, rather both will return a
tempfail status.
Incorrect behaviour will not likely be supported any time soon,
no matter popular, unless it is the only work-around for a critical
inter-operability issue.
If you have enforced TLS destinations that consistently tempfail, and
you cannot disable TLS, but want to alert senders faster, temporarily
install a transport override for the domain:
example.com error:5.7.4 Mandatory TLS service unavailable
Whether it is wise to continue to enforce TLS for a destination where
you expect to TLS service to never be restored is something you have
to consider.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
