On 18 Aug 2020, at 04:51, Dominic Raferd <domi...@timedicer.co.uk> wrote:
> On Tue, 18 Aug 2020 at 11:29, Leonardo Rodrigues
> <leolis...@solutti.com.br> wrote:
>>
>> Question: is there some parameter to allow smtp daemons to,
>> somehow, fallback to non-TLS deliveries after, for example, N number of
>> delivery tries or N seconds, for example? I have already searched on
>> TLS_README.html but couldn't find anything like that. (running postfix
>> 3.5.4)
>
> smtp_tls_security_level = may

The specific info on this can be found on
http://www.postfix.org/TLS_README.html#client_tls_policy
which says, specifically:

#v+
> A small fraction of servers offer STARTTLS but the negotiation consistently
> fails. As long as encryption is not mandatory, the Postfix SMTP client
> retries the delivery immediately with TLS disabled, without any need to
> explicitly disable TLS for the problem destinations.
#v-

> This is 'opportunistic TLS'. Normally you should not need to (and
> should not) change any other smtp_tls_* settings from their defaults.

You should probably set smtp_tls_connection_reuse=yes

I also have

smtp_tls_exclude_ciphers = MD5, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5
smtp_tls_loglevel = 1

And I don't think either of those is the default (at least not according to
postconf -d) but the first may be legacy that is obviated by
smtp_tls_mandatory_protocols defaults?

-- 
The Auditors avoided death by never going so far as to get a life
--The Thief of Time
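Added example, not part of the original message or of Postfix: with smtp_tls_loglevel = 1 as set above, the cleartext fallback quoted from TLS_README can be spotted in the mail log by pairing a failed handshake with a later successful delivery to the same relay. The log lines are constructed samples, and the script assumes the retry is logged by the same smtp process and that connections are not reused through tlsproxy; `classify_deliveries` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on smtp(8) logging with smtp_tls_loglevel = 1.
SAMPLE_LOG = """\
Aug 18 04:51:01 mail postfix/smtp[2101]: Untrusted TLS connection established to mx.example.net[192.0.2.10]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Aug 18 04:51:02 mail postfix/smtp[2101]: 3F1A2B4C5D: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Aug 18 04:51:05 mail postfix/smtp[2102]: SSL_connect error to mx.example.org[192.0.2.20]:25: -1
Aug 18 04:51:06 mail postfix/smtp[2102]: 4A2B3C5D6E: to=<b@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=2.3, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Aug 18 04:51:09 mail postfix/smtp[2103]: 5B3C4D6E7F: to=<c@example.com>, relay=mx.example.com[192.0.2.30]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

PID = r"postfix/smtp\[(?P<pid>\d+)\]: "
RELAY = r"(?P<relay>\S+\[[^\]]+\]:\d+)"
TLS_OK = re.compile(PID + r"\w+ TLS connection established to " + RELAY + ":")
TLS_FAIL = re.compile(PID + r"SSL_connect error to " + RELAY + ":")
SENT = re.compile(PID + r"(?P<qid>\w+): to=<(?P<rcpt>[^>]*)>, relay=" + RELAY
                  + r",.*status=sent")


def classify_deliveries(log_text):
    """Group sent mail into 'tls', 'fallback' (handshake failed, then sent
    in cleartext) and 'plaintext' (no TLS line seen for that relay)."""
    state = {}                      # (pid, relay) -> "tls" or "failed"
    result = defaultdict(list)
    for line in log_text.splitlines():
        if m := TLS_OK.search(line):
            state[(m["pid"], m["relay"])] = "tls"
        elif m := TLS_FAIL.search(line):
            state[(m["pid"], m["relay"])] = "failed"
        elif m := SENT.search(line):
            seen = state.get((m["pid"], m["relay"]))
            kind = {"tls": "tls", "failed": "fallback"}.get(seen, "plaintext")
            result[kind].append((m["qid"], m["rcpt"], m["relay"]))
    return dict(result)


if __name__ == "__main__":
    for kind, items in classify_deliveries(SAMPLE_LOG).items():
        for qid, rcpt, relay in items:
            print(f"{kind:9} {qid} {rcpt} via {relay}")
```

Relays that show up repeatedly under "fallback" are the destinations receiving mail unencrypted despite offering STARTTLS.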