I was expecting that the mail would bounce as the first MX refuses to talk TLS and i mapped that to a perm error. But postfix skips the one with temporary/temp error and delivered to the second that offered TLS.
Am Di., 18. Sep. 2018 um 14:36 Uhr schrieb Wietse Venema < wie...@porcupine.org>: > Stefan Bauer: > > Hi, > > > > i noticed the following today. Is this part of the standard? > > There is no standard that requires TLS for MTA-to-MTA deliveries. > > > For recipient domain: > > > > MX 5 mx1.recipient.com - does not support TLS and refused delivery with > > temp error > > MX 10 mx2.recipient.com - does support TLS and took the mail > > > > Sep 18 10:36:29 B245080E75: TLS is required, but was not offered by host > > mx1.recipient.com[1.2.3.4] > > Sep 18 10:36:29 Untrusted TLS connection established to > > mx2.recipient.com[5.4.3.2]:25: > > TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) > > > > smtp_delivery_status_filter was in place for above temp error, but it was > > not mapped to permanent error (which makes sense to me. > > What is the problem? > > Wietse >
