Hi Robert, thanks. Already saw that, but I don't want to bother remote sites with a 'full verify'. Still like the policy server approach. Should be no big thing for a coder - familiar with Perl.

On Saturday, 22 December 2018, Robert Schetterer <r...@sys4.de> wrote:
> On 22.12.18 at 07:55, Stefan Bauer wrote:
>>
>> nights later, a better approach seems to have a policy service that does the tls pre-checking.
>
> long time ago i wrote this
>
> https://blog.sys4.de/recipient-verification-tls-mandatory-modus-en.html
>
> perhaps it helps
>
>>
>> Something like this already around? (I'm no coder but want to sponsor that if someone can do it) pm please
>>
>> On Thursday, 20 December 2018, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>>
>> On Dec 20, 2018, at 1:25 PM, Stefan Bauer <cubew...@googlemail.com> wrote:
>> >>
>> >> I'm aware of such exceptions but I don't like to set them. Our policy is safe or not at all via mail.
>> >
>> > That policy has a cost. You don't like the cost, but there it is...
>> >
>> >> I would like to have a setting like do not try next mx,
>> >> if first mx lacks tls support. it assumes that if tls is
>> >> not avail on primary it will for sure also not be avail
>> >> on second and third.
>> >
>> > Sorry, Postfix does not and will not do that. Data-mine your logs
>> > for deliveries that fall back to a dead MX host (connection failure
>> > and a large "c" value (>= smtp_connect_timeout) in the "delays=a/b/c/d"
>> > part of the log entry, e.g.
>> >
>> >     delays=263861/0.01/60/0, dsn=4.4.1, status=deferred
>> >         (connect to <guilty-party>: Operation timed out)
>> >
>> > Then, if you refuse to ever deliver in the clear, reject mail to
>> > the domain.
>> >
>> > transport:
>> >     example.com error:5.1.2:Destination domain does not support STARTTLS
>> >
>> > --
>> > Viktor.
>> >
>
> --
> [*] sys4 AG
>
> http://sys4.de, +49 (89) 30 90 46 64
> Schleißheimer Straße 26/MG, 80333 München
>
> Registered office: München, Amtsgericht München: HRB 199263
> Executive board: Patrick Ben Koetter, Marc Schiffbauer
> Chairman of the supervisory board: Florian Kirstein
>
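
The log data-mining Viktor describes in the quoted text, as an added example that is not part of the thread or of Postfix: it finds deferred deliveries whose connection phase (the "c" in delays=a/b/c/d) reached the connect timeout and groups them by recipient domain. The function name, the sample log lines (constructed) and the 30-second threshold (the Postfix default for smtp_connect_timeout) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtp(8) log format (not from a real system).
SAMPLE_LOG = """\
Dec 20 13:25:01 mail postfix/smtp[2101]: 4F2A81234: to=<alice@example.com>, relay=none, delay=263861, delays=263861/0.01/60/0, dsn=4.4.1, status=deferred (connect to mx2.example.com[192.0.2.25]:25: Operation timed out)
Dec 20 13:26:10 mail postfix/smtp[2102]: 5A3B91235: to=<bob@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=1.2, delays=0.1/0.01/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9C1D2)
Dec 20 13:27:44 mail postfix/smtp[2103]: 6B4CA1236: to=<carol@example.com>, relay=none, delay=90, delays=0.2/0.01/90/0, dsn=4.4.1, status=deferred (connect to mx2.example.com[192.0.2.25]:25: Operation timed out)
Dec 20 13:28:02 mail postfix/smtp[2104]: 7C5DB1237: to=<dave@example.org>, relay=none, delay=3, delays=0.1/0.01/2.9/0, dsn=4.4.1, status=deferred (connect to mx.example.org[203.0.113.9]:25: Connection refused)
"""

# One smtp(8) delivery record: queue id, recipient, the four delay phases, DSN, status, reason.
LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>,.*?"
    r"delays=(?P<a>[\d.]+)/(?P<b>[\d.]+)/(?P<c>[\d.]+)/(?P<d>[\d.]+), "
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)\s*$"
)
CONNECT_RE = re.compile(r"connect to (?P<host>[^\[\s]+)\[")


def slow_connect_deferrals(log_text, connect_timeout=30.0):
    """Return {recipient_domain: {"count": n, "hosts": set_of_mx_hosts}} for
    deferred deliveries whose connection phase ("c") reached connect_timeout."""
    hits = defaultdict(lambda: {"count": 0, "hosts": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["status"] != "deferred":
            continue
        if float(m["c"]) < connect_timeout:
            continue  # failed quickly (e.g. refused), not a hanging dead MX
        host = CONNECT_RE.search(m["reason"])
        if not host:
            continue  # deferred for a reason other than a connection failure
        domain = m["rcpt"].rpartition("@")[2].lower()
        hits[domain]["count"] += 1
        hits[domain]["hosts"].add(host["host"])
    return dict(hits)


if __name__ == "__main__":
    for domain, info in sorted(slow_connect_deferrals(SAMPLE_LOG).items()):
        print(domain, info["count"], sorted(info["hosts"]))
```

Domains that show up repeatedly here are the candidates for the transport-table `error:` entry quoted above.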