> On Apr 28, 2018, at 3:40 AM, Dominic Raferd <domi...@timedicer.co.uk> wrote: > > So far I have one genuine sender that is failing TLS, but upon > checking I see that it falls back to cleartext.
It'd be interesting to know why that particular sender is having trouble. Can you provide more detail? Some senders have SMTP client implementations that refuse to complete a STARTTLS handshake when they can't verify the server's certificate chain, but are then willing to send in the clear. The logic of downgrading from unauthenticated encryption to unauthenticated cleartext rather escapes me. :-) http://postfix.1071664.n5.nabble.com/Another-yahoo-problem-tp89756p89769.html -- Viktor.
