thank you. this is awesome!
Am Dienstag, 18. September 2018 schrieb Viktor Dukhovni : >> On Sep 18, 2018, at 5:58 AM, Stefan Bauer <cubew...@googlemail.com> wrote: >> >> I noticed the following today. Is this part of the standard? > > You should have asked "is this expected behaviour in Postfix"? And the > answer is "yes". > >> For recipient domain: >> >> MX 5 mx1.recipient.com - does not support TLS and refused delivery with temp error >> MX 10 mx2.recipient.com - does support TLS and took the mail >> >> Sep 18 10:36:29 B245080E75: TLS is required, but was not offered by host mx1.recipient.com[1.2.3.4] >> Sep 18 10:36:29 Untrusted TLS connection established to >> mx2.recipient.com[5.4.3.2]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) >> >> smtp_delivery_status_filter was in place for above temp error, but it >> was not mapped to permanent error (which makes sense to me. > > This is because "smtp_delivery_status_filter" applies to the *final* status > of a recipient once all the applicable MX hosts have been tried: > > http://www.postfix.org/postconf.5.html#default_delivery_status_filter > > Note: the (smtp|lmtp)_delivery_status_filter is applied only once per > recipient: when delivery is successful, when delivery is rejected with > 5XX, or when there are no more alternate MX or A destinations. Use > smtp_reply_filter or lmtp_reply_filter to inspect responses for all > delivery attempts. > > -- > Viktor. > >