On Wed, 2019-02-13 at 07:31 +0000, Stefan Bauer wrote:

> As a lot of sites nowadays enforce TLS, this is a showstopper, when the
> primary MX is rejecting connections by greylisting, sender tries
> second (backup) MX and fails due to missing STARTTLS. If the backup MX
> would also use greylisting, the client would come back later to primary
> MX and would be able to deliver.
Hi Stefan,

The vast majority of public MX servers do not enforce TLS; they offer
opportunistic TLS, whereby TLS is supported if asked for but a plaintext
SMTP conversation is still supported.

From RFC 3207:

    A publicly-referenced SMTP server MUST NOT require use of the
    STARTTLS extension in order to deliver mail locally. This rule
    prevents the STARTTLS extension from damaging the interoperability
    of the Internet's SMTP infrastructure. A publicly-referenced SMTP
    server is an SMTP server which runs on port 25 of an Internet host
    listed in the MX record (or A record if an MX record is not present)
    for the domain name on the right hand side of an Internet mail
    address.

Likewise, if your public MX server required TLS when speaking with other
public MX servers, regardless of whether or not they offer it, that is
your "showstopper".

Ken.

_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
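The distinction Ken draws, between an MX that offers STARTTLS and a sending policy that requires it, is easy to verify against your own hosts. The following is an added example (not code from the thread or from any mail software mentioned in it): it parses the EHLO reply an MX returns, reports whether STARTTLS is advertised, and shows how an opportunistic ("may") versus a mandatory ("encrypt") sending policy would treat that reply. The two EHLO transcripts and the host names mx1/mx2.example.org are constructed for the example; `probe_mx` is the network variant of the same check using the standard-library `smtplib` and is not exercised offline.

```python
"""Check whether an MX advertises STARTTLS and how a sender policy treats it.

Added example; not part of the mailop thread. Sample EHLO replies below are
constructed, not captured from real servers.
"""
import smtplib

# Constructed EHLO replies: the primary MX offers STARTTLS, the backup does not.
PRIMARY_EHLO = (
    b"250-mx1.example.org Hello\r\n"
    b"250-SIZE 52428800\r\n"
    b"250-STARTTLS\r\n"
    b"250 8BITMIME\r\n"
)
BACKUP_EHLO = (
    b"250-mx2.example.org Hello\r\n"
    b"250-SIZE 52428800\r\n"
    b"250 8BITMIME\r\n"
)


def ehlo_extensions(ehlo_reply: bytes) -> set:
    """Return the lowercase extension keywords from a raw multiline 250 reply.

    The first line carries the server's domain/greeting; every later line is
    '250-KEYWORD [params]' or, for the last one, '250 KEYWORD [params]'.
    """
    exts = set()
    lines = ehlo_reply.decode("ascii", "replace").splitlines()
    for line in lines[1:]:
        if not line.startswith("250"):
            continue  # tolerate stray lines; only 250 lines list extensions
        body = line[4:].strip()  # drop the '250-' / '250 ' prefix
        if body:
            exts.add(body.split()[0].lower())
    return exts


def offers_starttls(ehlo_reply: bytes) -> bool:
    """True if the MX advertises STARTTLS (opportunistic TLS per RFC 3207)."""
    return "starttls" in ehlo_extensions(ehlo_reply)


def delivery_outcome(starttls_offered: bool, sender_policy: str) -> str:
    """How a sending MTA with the given policy handles this receiving MX.

    sender_policy 'may'     -> opportunistic: use TLS if offered, else plaintext
    sender_policy 'encrypt' -> mandatory: refuse to deliver without TLS
    Returns 'tls', 'plaintext' or 'fail'.
    """
    if sender_policy not in ("may", "encrypt"):
        raise ValueError("policy must be 'may' or 'encrypt'")
    if starttls_offered:
        return "tls"
    return "plaintext" if sender_policy == "may" else "fail"


def probe_mx(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """Live check: connect to an MX you operate and see if STARTTLS is offered.

    Needs network access; not run by the offline assertions. smtplib.SMTP's
    has_extn() is the library's own parsed view of the EHLO reply.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        conn.ehlo()
        return conn.has_extn("starttls")


if __name__ == "__main__":
    for name, reply in (("mx1", PRIMARY_EHLO), ("mx2", BACKUP_EHLO)):
        offered = offers_starttls(reply)
        for policy in ("may", "encrypt"):
            print(f"{name}: STARTTLS offered={offered} policy={policy} "
                  f"-> {delivery_outcome(offered, policy)}")
```

Run against the constructed replies, the backup MX only fails for a sender with a mandatory policy; the opportunistic sender falls back to plaintext exactly as RFC 3207 expects a public MX conversation to allow. Pointing `probe_mx` at each of your own MX hosts confirms that every one of them advertises STARTTLS, which is the fix Stefan's scenario actually needs.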
